Malware Analysis Report

2024-11-30 12:44

Sample ID 240822-zplz3azdqm
Target jjsploit.exe
SHA256 1b2ee4937e0355f15cd9a7245ae9e4dcfcee5ea88d1cfd4dfbffa9e6177a96d7
Tags
pyinstaller pysilon
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral3, behavioral4, behavioral8, behavioral12, behavioral2, behavioral6, behavioral7, behavioral9, behavioral10, behavioral11, behavioral1, behavioral5 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

1b2ee4937e0355f15cd9a7245ae9e4dcfcee5ea88d1cfd4dfbffa9e6177a96d7

Threat Level: Known bad

The file jjsploit.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon

Pysilon family

Detect Pysilon

Enumerates VirtualBox DLL files

Loads dropped DLL

Enumerates physical storage devices

Unsigned PE

Detects Pyinstaller

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-22 20:53

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
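
The "Detects Pyinstaller" hit above keys on the CArchive that PyInstaller's bootloader appends to the executable: an 8-byte cookie magic, a table of contents and the packed files. The parser below is an added example for this report, not the sandbox's or PyInstaller's own code. It finds the cookie, lists the TOC entries and can unpack one. Type "b" entries are the DLL/PYD files that a one-file bundle writes to its temp directory before running, which is the _MEI36122 directory listed under Files in behavioral2 (the parent jjsploit.exe, PID 3612, extracts and then starts the second jjsploit.exe seen in that run's Processes list; the "wrote to memory of 1508" entry is the parent creating that child, which every one-file PyInstaller bundle does, so on its own it is not evidence of injection). Type "s" entries are the entry scripts, which is where names like source_prepared come from. The bytes it parses come from make_sample_bundle(), a constructed stand-in and not jjsploit.exe; the cookie and TOC layouts are those used by PyInstaller 2.1 and later. For a real sample, pass the file's bytes to parse_pyinstaller().

```python
import struct
import zlib

# The 8-byte magic at the start of the cookie every PyInstaller bootloader
# appends to the executable (what a "Detects Pyinstaller" rule keys on).
PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Cookie (PyInstaller >= 2.1): magic, package length, TOC offset, TOC length,
# Python version, name of the bundled python DLL.  Big-endian, 88 bytes.
COOKIE_FMT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)
# One TOC entry head: entry length, data offset, stored size, unpacked size,
# compression flag, type code; the NUL-padded name follows.  18 bytes.
TOC_HEAD_FMT = "!iIIIBc"
TOC_HEAD_SIZE = struct.calcsize(TOC_HEAD_FMT)
TYPE_NAMES = {
    b"b": "binary",    # DLL/PYD, written to the _MEIxxxxx temp dir at run time
    b"z": "pyz",       # archive of compiled modules
    b"s": "script",    # entry script, run by the bootloader
    b"m": "module", b"M": "package", b"x": "data", b"d": "dependency", b"o": "option",
}


def find_cookie(blob):
    """Offset of the last cookie magic in blob, or -1 if not a PyInstaller bundle."""
    return blob.rfind(PYINST_MAGIC)


def parse_pyinstaller(blob):
    """Parse cookie and TOC; returns None when blob is not a PyInstaller bundle."""
    cookie_pos = find_cookie(blob)
    if cookie_pos < 0 or cookie_pos + COOKIE_SIZE > len(blob):
        return None
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FMT, blob[cookie_pos:cookie_pos + COOKIE_SIZE])
    # The package ends with the cookie, so its start is measured back from
    # there; bytes after the cookie (e.g. a signature) are not part of it.
    archive_start = cookie_pos + COOKIE_SIZE - pkg_len
    if archive_start < 0:
        return None
    entries = []
    pos = archive_start + toc_off
    end = min(pos + toc_len, cookie_pos)
    while pos + TOC_HEAD_SIZE <= end:
        entry_len, data_pos, stored, size, cflag, typ = struct.unpack(
            TOC_HEAD_FMT, blob[pos:pos + TOC_HEAD_SIZE])
        if entry_len < TOC_HEAD_SIZE:
            break  # corrupt TOC: refuse to spin on a zero/negative length
        name = blob[pos + TOC_HEAD_SIZE:pos + entry_len].rstrip(b"\0")
        entries.append({
            "name": name.decode("utf-8", "replace"),
            "type": TYPE_NAMES.get(typ, typ.decode("latin-1")),
            "offset": archive_start + data_pos,
            "stored": stored,
            "size": size,
            "compressed": bool(cflag),
        })
        pos += entry_len
    # Newer bootloaders store major*100+minor (312), older ones major*10+minor (37).
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {
        "python_version": f"{major}.{minor}",
        "python_lib": pylib.rstrip(b"\0").decode("ascii", "replace"),
        "entries": entries,
    }


def read_entry(blob, entry):
    """Return the unpacked bytes of one TOC entry."""
    raw = blob[entry["offset"]:entry["offset"] + entry["stored"]]
    return zlib.decompress(raw) if entry["compressed"] else raw


def make_sample_bundle():
    """Constructed stand-in for a one-file bundle (NOT jjsploit.exe): a few
    bytes of fake PE, two packed entries, the TOC and the cookie."""
    fake_pe = b"MZ" + b"\0" * 62 + b"PE\0\0" + b"\0" * 256
    files = [("python312.dll", b"b", b"MZ fake dll body"),
             ("source_prepared", b"s", b"print('entry script')")]
    payload, toc = b"", b""
    for name, typ, body in files:
        packed = zlib.compress(body)
        name_b = name.encode()
        entry_len = TOC_HEAD_SIZE + len(name_b) + 1
        entry_len += (-entry_len) % 16      # PyInstaller aligns entries to 16 bytes
        toc += struct.pack(TOC_HEAD_FMT, entry_len, len(payload), len(packed),
                           len(body), 1, typ)
        toc += name_b.ljust(entry_len - TOC_HEAD_SIZE, b"\0")
        payload += packed
    pkg_len = len(payload) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, pkg_len, len(payload),
                         len(toc), 312, b"python312.dll")
    return fake_pe + payload + toc + cookie


if __name__ == "__main__":
    sample = make_sample_bundle()
    info = parse_pyinstaller(sample)
    print(f"PyInstaller bundle, Python {info['python_version']} ({info['python_lib']})")
    for e in info["entries"]:
        print(f"  {e['type']:<8} {e['size']:>6} bytes  {e['name']}")
```

The cookie is searched for from the end of the file rather than assumed to sit at the very end, because a bundle that was later Authenticode-signed has the signature after it; the package start is then measured backwards from the cookie using the length it records.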

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10-20240611-en

Max time kernel

315s

Max time network

1613s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp

Files

N/A
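
The five cmd /c ...pyc detonations in this report (behavioral3, 4, 6, 8 and 12) are the sandbox running compiled modules it pulled out of the bundle. None of them did anything: the guest has no handler for .pyc, so cmd hands the file to the shell and Windows shows its "How do you want to open this file?" prompt, which is the OpenWith.exe -Embedding child in each of those Processes lists; the "Modifies registry class", "GetForegroundWindowSpam" and "SetWindowsHookEx" hits in those runs belong to that dialog, not to the sample. To triage such a .pyc by hand, read its 16-byte header first: marshal data only loads correctly on the CPython minor version that produced it, and the bundle ships python312.dll, so these would need CPython 3.12. The script below is an added example, not code from the report. The .pyc it inspects is constructed in memory with whatever interpreter runs it, and SAMPLE_SOURCE is made up, with no relation to the contents of the real modules.

```python
import importlib.util
import marshal
import struct
import types

# Magic numbers of CPython releases commonly found in PyInstaller bundles
# (MAGIC_NUMBER in Lib/importlib/_bootstrap_external.py of each release).
MAGIC_TO_VERSION = {3394: "3.7", 3413: "3.8", 3425: "3.9", 3439: "3.10",
                    3495: "3.11", 3531: "3.12", 3571: "3.13"}
# Magic of the interpreter running this script, for the compatibility check.
THIS_MAGIC = int.from_bytes(importlib.util.MAGIC_NUMBER[:2], "little")


def parse_pyc_header(data):
    """Decode the 16-byte .pyc header (PEP 552 layout)."""
    if len(data) < 16 or data[2:4] != b"\r\n":
        raise ValueError("not a .pyc: bad magic")
    magic = int.from_bytes(data[:2], "little")
    flags = int.from_bytes(data[4:8], "little")
    header = {"magic": magic, "version": MAGIC_TO_VERSION.get(magic, "unknown"),
              "flags": flags}
    if flags & 1:        # hash-based pyc: 8-byte SipHash of the source
        header["source_hash"] = data[8:16].hex()
        header["check_source"] = bool(flags & 2)
    else:                # timestamp-based pyc: source mtime and size
        header["source_mtime"], header["source_size"] = struct.unpack("<II", data[8:16])
    return header


def matches_this_interpreter(data):
    """True when the .pyc was built by the same CPython minor version as us."""
    return data[:4] == importlib.util.MAGIC_NUMBER


def string_constants(data):
    """All str constants in the code object and its nested code objects.
    Refuses to unmarshal a .pyc built by another CPython version: marshal
    format and bytecode differ, so the result would be wrong or an error."""
    if not matches_this_interpreter(data):
        raise RuntimeError(f"pyc magic {parse_pyc_header(data)['magic']} is not this "
                           "interpreter's; inspect it with a matching CPython")
    code = marshal.loads(data[16:])
    found = []

    def walk(co):
        for const in co.co_consts:
            if isinstance(const, str):
                found.append(const)
            elif isinstance(const, types.CodeType):
                walk(const)
    walk(code)
    return found


# Made-up source for the sample .pyc; bears no relation to the real modules.
SAMPLE_SOURCE = (
    "import os\n"
    "STORE = os.path.join('AppData', 'Local Storage', 'leveldb')\n"
    "def upload():\n"
    "    return 'https://example.invalid/api/upload'\n"
)


def make_sample_pyc(source=SAMPLE_SOURCE):
    """Constructed timestamp-based .pyc compiled by the running interpreter."""
    code = compile(source, "sample.py", "exec")
    header = (importlib.util.MAGIC_NUMBER
              + (0).to_bytes(4, "little")             # flags: timestamp-based
              + (1700000000).to_bytes(4, "little")    # source mtime
              + len(source).to_bytes(4, "little"))    # source size
    return header + marshal.dumps(code)


if __name__ == "__main__":
    pyc = make_sample_pyc()
    hdr = parse_pyc_header(pyc)
    print(f"magic {hdr['magic']} -> CPython {hdr['version']}, flags {hdr['flags']}")
    for s in string_constants(pyc):
        print(" ", repr(s))
```

The version check is the important part: a 3.12 .pyc fed to 3.11's marshal will either raise or silently produce a wrong code object, so the header decides which interpreter (or which decompiler build) the module goes to before anything is unmarshalled.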

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10v2004-20240802-en

Max time kernel

1368s

Max time network

1157s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10v2004-20240802-en

Max time kernel

1743s

Max time network

1152s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10v2004-20240802-en

Max time kernel

1656s

Max time network

1138s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 27.73.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10v2004-20240802-en

Max time kernel

1761s

Max time network

1129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A
(this row appears 64 times in the report; the sandbox records no indicator for the individual loads)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3612 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe C:\Users\Admin\AppData\Local\Temp\jjsploit.exe
PID 3612 wrote to memory of 1508 N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe C:\Users\Admin\AppData\Local\Temp\jjsploit.exe

Processes

C:\Users\Admin\AppData\Local\Temp\jjsploit.exe

"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"

C:\Users\Admin\AppData\Local\Temp\jjsploit.exe

"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
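
Every Network table in this report has the same two kinds of rows: PTR queries to 8.8.8.8 for addresses the guest itself talked to (the in-addr.arpa names) and HTTPS to Bing hosts (g.bing.com, tse1.mm.bing.net), which a Windows 10 guest contacts on its own. No destination attributable to the sample appears in any run, including this one where jjsploit.exe itself executed and unpacked, so there is no C2 indicator to take from the report; PySilon is a Python RAT controlled through Discord, and a run in which the payload actually reached that stage would add those endpoints here. The helper below, an added example and not part of the sandbox output, parses rows in the table's format, turns PTR names back into the IPs that were looked up and separates direct connections from DNS-only rows, so anything outside the baseline set stands out. The rows in NETWORK_TABLE are a subset copied from the table above; BACKGROUND_DOMAINS is an assumption for this example and should be replaced by your own sandbox baseline.

```python
import ipaddress
from collections import Counter

# Rows copied from the behavioral2 Network table of this report (a subset).
NETWORK_TABLE = """\
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
"""

# Hosts the Windows 10 guest contacts on its own: an assumption for this
# example, to be replaced by the baseline of your own sandbox image.
BACKGROUND_DOMAINS = {"g.bing.com", "tse1.mm.bing.net"}


def parse_rows(text):
    """'Country Destination Domain Proto' rows -> list of dicts; skips the header."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'29.243.111.52.in-addr.arpa' -> '52.111.243.29'; None for other names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def triage(rows, background=BACKGROUND_DOMAINS):
    """Split the table into reverse lookups (IPs the guest resolved), forward
    lookups and direct connections, and list whatever is not baseline noise."""
    out = {"reverse_lookups": set(), "forward_lookups": set(),
           "direct": Counter(), "unexplained": []}
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            ip = ptr_to_ip(r["domain"])
            if ip:
                out["reverse_lookups"].add(ip)
            else:
                out["forward_lookups"].add(r["domain"])
                if r["domain"] not in background:
                    out["unexplained"].append(("dns", r["domain"]))
        else:
            key = (r["ip"], r["port"], r["domain"])
            out["direct"][key] += 1
            if r["domain"] not in background:
                out["unexplained"].append(("conn",) + key)
    return out


if __name__ == "__main__":
    result = triage(parse_rows(NETWORK_TABLE))
    print("resolved:", sorted(result["reverse_lookups"]))
    print("direct:", dict(result["direct"]))
    print("unexplained:", result["unexplained"] or "none")
```

The reverse-lookup set is worth keeping even when it is all noise: the guest only resolves PTR names for addresses it has just exchanged packets with, so those IPs are the closest thing to a connection log that this table format gives you.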

Files

C:\Users\Admin\AppData\Local\Temp\_MEI36122\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI36122\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

MD5 141643e11c48898150daa83802dbc65f
SHA1 0445ed0f69910eeaee036f09a39a13c6e1f37e12
SHA256 86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741
SHA512 ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

C:\Users\Admin\AppData\Local\Temp\_MEI36122\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

MD5 43136dde7dd276932f6197bb6d676ef4
SHA1 6b13c105452c519ea0b65ac1a975bd5e19c50122
SHA256 189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714
SHA512 e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

C:\Users\Admin\AppData\Local\Temp\_MEI36122\python312.dll

MD5 cae8fa4e7cb32da83acf655c2c39d9e1
SHA1 7a0055588a2d232be8c56791642cb0f5abbc71f8
SHA256 8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93
SHA512 db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

C:\Users\Admin\AppData\Local\Temp\_MEI36122\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI36122\base_library.zip

MD5 763d1a751c5d47212fbf0caea63f46f5
SHA1 845eaa1046a47b5cf376b3dbefcf7497af25f180
SHA256 378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7
SHA512 bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_ctypes.pyd

MD5 c8afa1ebb28828e1115c110313d2a810
SHA1 1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a
SHA256 8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0
SHA512 4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

C:\Users\Admin\AppData\Local\Temp\_MEI36122\python3.DLL

MD5 8dbe9bbf7118f4862e02cd2aaf43f1ab
SHA1 935bc8c5cea4502d0facf0c49c5f2b9c138608ed
SHA256 29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db
SHA512 938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_bz2.pyd

MD5 dd26ed92888de9c57660a7ad631bb916
SHA1 77d479d44d9e04f0a1355569332233459b69a154
SHA256 324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697
SHA512 d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_lzma.pyd

MD5 8cfbafe65d6e38dde8e2e8006b66bb3e
SHA1 cb63addd102e47c777d55753c00c29c547e2243c
SHA256 6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff
SHA512 fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_hashlib.pyd

MD5 d19cb5ca144ae1fd29b6395b0225cf40
SHA1 5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4
SHA256 f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa
SHA512 9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_wmi.pyd

MD5 bed7b0ced98fa065a9b8fe62e328713f
SHA1 e329ebca2df8889b78ce666e3fb909b4690d2daa
SHA256 5818679010bb536a3d463eeee8ce203e880a8cd1c06bf1cb6c416ab0dc024d94
SHA512 c95f7bb6ca9afba50bf0727e971dff7326ce0e23a4bfa44d62f2ed67ed5fede1b018519dbfa0ed3091d485ed0ace68b52dd0bb2921c9c1e3bc1fa875cd3d2366

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_uuid.pyd

MD5 8f5402bb6aac9c4ff9b4ce5ac3f0f147
SHA1 87207e916d0b01047b311d78649763d6e001c773
SHA256 793e44c75e7d746af2bb5176e46c454225f07cb27b1747f1b83d1748d81ad9ac
SHA512 65fdef32aeba850aa818a8c8bf794100725a9831b5242350e6c04d0bca075762e1b650f19c437a17b150e9fca6ad344ec4141a041fa12b5a91652361053c7e81

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_tkinter.pyd

MD5 e38a6b96f5cc200f21da22d49e321da3
SHA1 4ea69d2b021277ab0b473cfd44e4bfd17e3bac3b
SHA256 f0ebdf2ca7b33c26b8938efa59678068d3840957ee79d2b3c576437f8f913f20
SHA512 3df55cdd44ea4789fb2de9672f421b7ff9ad798917417dcb5b1d8575804306fb7636d436965598085d2e87256ecb476ed69df7af05986f05b9f4a18eed9629e2

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_ssl.pyd

MD5 6a2b0f8f50b47d05f96deff7883c1270
SHA1 2b1aeb6fe9a12e0d527b042512fc8890eedb10d8
SHA256 68dad60ff6fb36c88ef1c47d1855517bfe8de0f5ddea0f630b65b622a645d53a
SHA512 a080190d4e7e1abb186776ae6e83dab4b21a77093a88fca59ce1f63c683f549a28d094818a0ee44186ddea2095111f1879008c0d631fc4a8d69dd596ef76ca37

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_sqlite3.pyd

MD5 f8869058c1f6f6352309d774c0fefde9
SHA1 4a9fd6c93785c6b6c53f33946e9b1ca5db52a4e9
SHA256 fb00951d39084e88871c813d6c4043ce8afb60ab6d012e699ddd607baa10f6e1
SHA512 37205b755985cdbb16f806cda8e7637164d1d62f410ea07501739215b9e410e91997110600ead999d726cb15ec4aef3abf673e7ad47d3ca076457c89ea2b401c

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_socket.pyd

MD5 e43aed7d6a8bcd9ddfc59c2d1a2c4b02
SHA1 36f367f68fb9868412246725b604b27b5019d747
SHA256 2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a
SHA512 d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_queue.pyd

MD5 7d91dd8e5f1dbc3058ea399f5f31c1e6
SHA1 b983653b9f2df66e721ece95f086c2f933d303fc
SHA256 76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d
SHA512 b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_overlapped.pyd

MD5 df92ea698a3d0729b70a4306bbe3029f
SHA1 b82f3a43568148c64a46e2774aec39bf1f2d3c1e
SHA256 46dec978ec8cb2146854739bfeddea93335dcc92a25d719352b94f9517855032
SHA512 bdebafe1b40244a0cb6c97e75424f79cfe395774a9d03cdb02f82083110c1f4bdcac2819ba1845ad1c56e2d2e6506dcc1833e4eb269bb0f620f0eb73b4d47817

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_multiprocessing.pyd

MD5 eb859fc7f54cba118a321440ad088096
SHA1 9d3c410240f4c5269e07ffbde43d6f5e7cc30b44
SHA256 14bdd15d60b9d6141009aeedc606007c42b46c779a523d21758e57cf126dc2a4
SHA512 694a9c1cc3dc78b47faedf66248ff078e5090cfab22e95c123fb99b10192a5748748a5f0937ffd9fd8e1873ad48f290be723fe194b7eb2a731add7f5fb776c4a

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_elementtree.pyd

MD5 cc5f891ee902fe380878e4bd3d82c011
SHA1 3ea48a0cf383b176f4e0ed71ed5e2b9d09dbbd1d
SHA256 d134e731716bb4538596fa42b5b48602ea18e3ebaab1ed0dc04a9e66fed3f5e2
SHA512 0a5e1cb4359ba4d4bc5153de002108b6d760fd9b2a8be11d0091006578dc38f93aa45951648603c738c0580373fbaea3b2534b21ee44107a0e66b3252df92dd3

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_decimal.pyd

MD5 cea3b419c7ca87140a157629c6dbd299
SHA1 7dbff775235b1937b150ae70302b3208833dc9be
SHA256 95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5
SHA512 6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_cffi_backend.cp312-win_amd64.pyd

MD5 d8caf1c098db12b2eba8edae51f31c10
SHA1 e533ac6c614d95c09082ae951b3b685daca29a8f
SHA256 364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d
SHA512 77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

C:\Users\Admin\AppData\Local\Temp\_MEI36122\_asyncio.pyd

MD5 cc0f232f2a8a359dee29a573667e6d77
SHA1 d3ffbf5606d9c77a0de0b7456f7a5314f420b1f7
SHA256 7a5c88ce496bafdf31a94ae6d70b017070703bc0a7da1dfae7c12b21bb61030d
SHA512 48484177bf55179607d66f5a5837a35cd586e8a9fb185de8b10865aab650b056a61d1dc96370c5efc6955ccb4e34b31810f8e1c8f5f02d268f565a73b4ff5657

C:\Users\Admin\AppData\Local\Temp\_MEI36122\zlib1.dll

MD5 5eac41b641e813f2a887c25e7c87a02e
SHA1 ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5
SHA256 b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08
SHA512 cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

C:\Users\Admin\AppData\Local\Temp\_MEI36122\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI36122\unicodedata.pyd

MD5 b848e259fabaf32b4b3c980a0a12488d
SHA1 da2e864e18521c86c7d8968db74bb2b28e4c23e2
SHA256 c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c
SHA512 4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

C:\Users\Admin\AppData\Local\Temp\_MEI36122\tk86t.dll

MD5 966580716c0d6b7eec217071a6df6796
SHA1 e3d2d4a7ec61d920130d7a745586ceb7aad4184d
SHA256 afc13fce0690c0a4b449ec7ed4fb0233a8359911c1c0ba26a285f32895dbb3d2
SHA512 cf0675ea888a6d1547842bcfb27d45815b164337b4a285253716917eb157c6df3cc97cba8ad2ab7096e8f5131889957e0555bae9b5a8b64745ac3d2f174e3224

C:\Users\Admin\AppData\Local\Temp\_MEI36122\tcl86t.dll

MD5 3ae729942d15f4f48b1ea8c91880f1f4
SHA1 d27596d14af5adeb02edab74859b763bf6ac2853
SHA256 fe62ca2b01b0ec8a609b48f165ca9c6a91653d3966239243ad352dd4c8961760
SHA512 355800e9152daad675428421b867b6d48e2c8f8be9ca0284f221f27fae198c8f07d90980e04d807b50a88f92ffb946dc53b7564e080e2e0684f7f6ccc84ff245

C:\Users\Admin\AppData\Local\Temp\_MEI36122\sqlite3.dll

MD5 956ef70f60fb099d31a79fa7334359ad
SHA1 336a78492c0e10fab4baa0add7552e52f61dd110
SHA256 809c7b48b73c95b361d13c753e7a6e3c83124a27e18aac81df7c876f32e98e00
SHA512 7fd74b92e32a385b193264d0f08a390eec672e508ef85bf0439bdb713a9c8909688f845bcacd4adb3dd91b08a3eb40ae32532a08fc9378ed4530646fb871fd50

C:\Users\Admin\AppData\Local\Temp\_MEI36122\select.pyd

MD5 79ce1ae3a23dff6ed5fc66e6416600cd
SHA1 6204374d99144b0a26fd1d61940ff4f0d17c2212
SHA256 678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0
SHA512 a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

C:\Users\Admin\AppData\Local\Temp\_MEI36122\SDL2_ttf.dll

MD5 f187dfdccc102436e27704dc572a2c16
SHA1 be4d499e66b8c4eb92480e4f520ccd8eaaa39b04
SHA256 fcdfabdfce868eb33f7514025ff59c1bb6c418f1bcd6ace2300a9cd4053e1d63
SHA512 75002d96153dfd2bfdd6291f842fb553695ef3997012dae0b9a537c95c3f3a83b844a8d1162faefcddf9e1807f3db23b1a10c2789c95dd5f6fad2286bae91afb

C:\Users\Admin\AppData\Local\Temp\_MEI36122\SDL2_mixer.dll

MD5 201aa86dc9349396b83eed4c15abe764
SHA1 1a239c479e275aa7be93c5372b2d35e98d8d8cec
SHA256 2a0fc5e9f72c2eaec3240cb82b7594a58ccda609485981f256b94d0a4dd8d6f8
SHA512 bb2cd185d1d936ceca3cc20372c98a1b1542288ad5523ff8b823fb5e842205656ec2f615f076929c69987c7468245a452238b509d37109c9bec26be5f638f3b7

C:\Users\Admin\AppData\Local\Temp\_MEI36122\SDL2_image.dll

MD5 b8d249a5e394b4e6a954c557af1b80e6
SHA1 b03bb9d09447114a018110bfb91d56ef8d5ec3bb
SHA256 1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194
SHA512 2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

C:\Users\Admin\AppData\Local\Temp\_MEI36122\SDL2.dll

MD5 83c5ff24eae3b9038d74ad91dc884e32
SHA1 81bf9f8109d73604768bf5310f1f70af62b72e43
SHA256 520d0459b91efa32fbccf9027a9ca1fc5aae657e679ce8e90f179f9cf5afd279
SHA512 38ff01891ad5093d0e4f222c5ab703a540514271bf3b94fb65f910193262af722adb9d4f4d2bd6a54c090a7d631d8c98497b7d78bd21359fdea756ff3ac63689

C:\Users\Admin\AppData\Local\Temp\_MEI36122\pyexpat.pyd

MD5 815f1bdabb79c6a12b38d84aa343196d
SHA1 916483149875a5e20c6046ceffef62dd6089ddd5
SHA256 31712ae276e2ced05ecda3e1c08fbbcc2cff8474a972626aba55f7797f0ed8c9
SHA512 1078e7e48b6f6ed160ae2bccf80a43a5f1cca769b8a690326e112bf20d7f3d018f855f6aa3b56d315dc0853472e0affcfe8e910b5ce69ce952983cfaa496c21d

C:\Users\Admin\AppData\Local\Temp\_MEI36122\portmidi.dll

MD5 df538704b8cd0b40096f009fd5d1b767
SHA1 d2399fbb69d237d43624e987445694ec7e0b8615
SHA256 c9f8d9043ac1570b10f104f2d00aec791f56261c84ee40773be73d0a3822e013
SHA512 408de3e99bc1bfb5b10e58ae621c0f9276530913ff26256135fe44ce78016de274cbe4c3e967457eb71870aad34dfeb362058afcebfa2d9e64f05604ab1517d4

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libwebp-7.dll

MD5 2c5aca898ff88eb2c9028bbeefebbd1e
SHA1 7a0048674ef614bebe6cc83b1228d670372076c9
SHA256 9a53563b6058f70f2725029b7dd2fe96f869c20e8090031cd303e994dfe07b50
SHA512 46fe8b151e3a13ab506c4fc8a9f3f0f47b21f64f37097a4f1f573b547443ed23e7b2f489807c1623fbc41015f7da11665d88690d8cd0ddd61aa53789586c5a13

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libtiff-5.dll

MD5 7d40a697ca6f21a8f09468b9fce565ad
SHA1 dc3b7f7fc0d9056af370e06f1451a65e77ff07f7
SHA256 ebfe97ac5ef26b94945af3db5ffd110a4b8e92dc02559bf81ccb33f0d5ebce95
SHA512 5a195e3123f7f17d92b7eca46b9afa1ea600623ad6929ac29197447bb4d474a068fd5f61fca6731a60514125d3b0b2cafe1ff6be3a0161251a366355b660d61a

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libpng16-16.dll

MD5 3a26cd3f92436747d2285dcef1fae67f
SHA1 e3d1403be06beb32fc8dc7e8a58c31e18b586a70
SHA256 e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5
SHA512 73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libopusfile-0.dll

MD5 245498839af5a75cd034190fe805d478
SHA1 d164c38fd9690b8649afaef7c048f4aabb51dba8
SHA256 ccaaca81810bd2d1cab4692b4253a639f8d5516996db0e24d881efd3efdcc6a4
SHA512 4181dea590cbc7a9e06729b79201aa29e8349408cb922de8d4cda555fc099b3e10fee4f5a9ddf1a22eaec8f5ede12f9d6e37ed7ad0486beb12b7330cca51a79e

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libopus-0.x64.dll

MD5 0e078e75ab375a38f99245b3fefa384a
SHA1 b4c2fda3d4d72c3e3294beb8aa164887637ca22a
SHA256 c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131
SHA512 fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libopus-0.dll

MD5 e1adac219ec78b7b2ac9999d8c2e1c94
SHA1 6910ec9351bee5c355587e42bbb2d75a65ffc0cf
SHA256 771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806
SHA512 da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libogg-0.dll

MD5 307ef797fc1af567101afba8f6ce6a8c
SHA1 0023f520f874a0c3eb3dc1fe8df73e71bde5f228
SHA256 57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe
SHA512 5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libmodplug-1.dll

MD5 ead020db018b03e63a64ebff14c77909
SHA1 89bb59ae2b3b8ec56416440642076ae7b977080e
SHA256 0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e
SHA512 c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libjpeg-9.dll

MD5 c540308d4a8e6289c40753fdd3e1c960
SHA1 1b84170212ca51970f794c967465ca7e84000d0e
SHA256 3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69
SHA512 1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

C:\Users\Admin\AppData\Local\Temp\_MEI36122\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI36122\freetype.dll

MD5 236f879a5dd26dc7c118d43396444b1c
SHA1 5ed3e4e084471cf8600fb5e8c54e11a254914278
SHA256 1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f
SHA512 cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

C:\Users\Admin\AppData\Local\Temp\_MEI36122\charset_normalizer\md.cp312-win_amd64.pyd

MD5 d9e0217a89d9b9d1d778f7e197e0c191
SHA1 ec692661fcc0b89e0c3bde1773a6168d285b4f0d
SHA256 ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0
SHA512 3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10v2004-20240802-en

Max time kernel

1363s

Max time network

1152s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A
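
The Network tables in this report are dominated by reverse-DNS (PTR) lookups sent to 8.8.8.8, which name the address being looked up backwards (52.137.106.217 appears as 217.106.137.52.in-addr.arpa), plus Windows background traffic such as tse1.mm.bing.net. The rows worth an analyst's attention are the few direct TCP connections, some of which the report prints with an empty Domain column. The following script is an added example, not part of the original report: it parses rows in the report's "Country Destination Domain Proto" layout, decodes in-addr.arpa and ip6.arpa names back to the address they encode, and buckets each row as a PTR lookup, a forward DNS query, or a connection. The sample rows are copied from tables in this report; nothing else is assumed about the sandbox's export format.

```python
"""Triage a sandbox Network table: separate PTR-lookup noise from real connections.

Added example (not the report's or the sandbox vendor's code). Rows follow the
report's "Country Destination Domain Proto" layout; rows with no Domain value
have only three fields, as printed in the report.
"""
import ipaddress
from collections import defaultdict

# Constructed input: rows copied from the behavioral5 and behavioral11 tables
# of this report, including one three-field row with no Domain column.
SAMPLE_ROWS = """\
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 138.91.171.81:80 tcp
"""


def ptr_to_ip(name):
    """Return the address a PTR name encodes, or None if it is not a PTR name."""
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            return None
        # in-addr.arpa lists the octets in reverse order
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32:
            return None
        # ip6.arpa lists all 32 hex nibbles in reverse order
        hexstr = "".join(reversed(nibbles))
        groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
        return str(ipaddress.IPv6Address(":".join(groups)))
    return None


def parse_row(line):
    """Split one table row; a three-field row means the Domain column was empty."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    host, _, port = dest.rpartition(":")
    return {"country": country, "host": host, "port": int(port),
            "domain": domain, "proto": proto}


def classify(row):
    """Map a row to (kind, value): PTR lookup, forward DNS query, or connection."""
    if row["port"] == 53 and row["proto"] == "udp":
        target = ptr_to_ip(row["domain"])
        if target is not None:
            return "ptr_lookup", target
        return "dns_query", row["domain"]
    return "connection", f"{row['host']}:{row['port']}"


def triage(text):
    """Bucket every row of the table, de-duplicating values within each bucket."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, value = classify(parse_row(line))
        if value not in buckets[kind]:
            buckets[kind].append(value)
    return dict(buckets)


if __name__ == "__main__":
    for kind, values in triage(SAMPLE_ROWS).items():
        print(kind, values)
```

The ip6.arpa row decodes to 808:808::, which is what a resolver produces when it treats the four bytes of 8.8.8.8 as the start of an IPv6 address; it is resolver behaviour, not a malware indicator. After bucketing, only the "connection" entries remain as candidates for pivoting, and each of those still has to be checked against known Microsoft infrastructure before being treated as a C2 indicator.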

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10-20240404-en

Max time kernel

378s

Max time network

1574s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1587s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 52.111.227.14:443 N/A tcp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10v2004-20240802-en

Max time kernel

1361s

Max time network

1149s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 44.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 42.56.20.217.in-addr.arpa udp
NL 52.178.17.2:443 N/A tcp
US 8.8.8.8:53 43.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10-20240404-en

Max time kernel

316s

Max time network

1597s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 34.56.20.217.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10-20240404-en

Max time kernel

314s

Max time network

1588s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A
(row repeated 64 times in the original table; the report gives no per-DLL indicator)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3152 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe C:\Users\Admin\AppData\Local\Temp\jjsploit.exe
PID 3152 wrote to memory of 1524 N/A C:\Users\Admin\AppData\Local\Temp\jjsploit.exe C:\Users\Admin\AppData\Local\Temp\jjsploit.exe

Processes

C:\Users\Admin\AppData\Local\Temp\jjsploit.exe

"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"

C:\Users\Admin\AppData\Local\Temp\jjsploit.exe

"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
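
The process and signature data above carry three signals a detection engineer would want to encode. First, jjsploit.exe opens vboxhook.dll and vboxmrxnp.dll, a VirtualBox presence check. Second, jjsploit.exe spawns a second jjsploit.exe and writes to its memory, which is the normal PyInstaller onefile pattern (the parent extracts the bundle to _MEIxxxxx and runs the child from it), so on its own it is a packer artefact rather than an injection. Third, the other runs in this report launch the extracted modules as cmd /c <path>.pyc; the OpenWith.exe -Embedding process that follows in each of those runs is the shell's "How do you want to open this file?" dialog, which is what happens when no .pyc handler is registered, and the registry-class and SetWindowsHookEx signatures in those runs most plausibly come from that dialog, not from the module. The script below is an added example, not part of the original report or of any sandbox tooling: it runs these three checks over a constructed list of Sysmon-style events. The event shape, PIDs and timestamps are assumptions; the paths, command lines and DLL names are the ones shown in this report.

```python
"""Detection checks over process-creation and file-read events.

Added example, not the report's own code. The event format is a minimal
Sysmon-like dict (assumed); paths and command lines come from the report.
"""
import re
from datetime import datetime

# Constructed sample events. PIDs 3152/1524 are the ones in the
# WriteProcessMemory rows above; other PIDs and all timestamps are made up.
EVENTS = [
    {"t": "2024-08-22T20:53:01", "type": "ProcessCreate", "pid": 3152, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe",
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"'},
    {"t": "2024-08-22T20:53:02", "type": "FileRead", "pid": 3152,
     "target": r"C:\windows\system32\vboxhook.dll"},
    {"t": "2024-08-22T20:53:02", "type": "FileRead", "pid": 3152,
     "target": r"C:\windows\system32\vboxmrxnp.dll"},
    {"t": "2024-08-22T20:53:03", "type": "ProcessCreate", "pid": 1524, "ppid": 3152,
     "image": r"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe",
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"'},
    {"t": "2024-08-22T20:55:10", "type": "ProcessCreate", "pid": 4100, "ppid": 1000,
     "image": r"C:\Windows\system32\cmd.exe",
     "cmd": r"cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc"},
    {"t": "2024-08-22T20:55:11", "type": "ProcessCreate", "pid": 4120, "ppid": 900,
     "image": r"C:\Windows\system32\OpenWith.exe",
     "cmd": r"C:\Windows\system32\OpenWith.exe -Embedding"},
]

# cmd /c <drive>:\...\something.pyc, with or without quotes around the path
PYC_VIA_CMD = re.compile(r'cmd(?:\.exe)?\s+/c\s+"?(?P<path>[a-z]:\\[^"\s]+\.pyc)"?', re.I)
VBOX_DLLS = {"vboxhook.dll", "vboxmrxnp.dll"}   # the two names probed in this run
OPENWITH_WINDOW_SECONDS = 30                     # assumed correlation window


def _ts(event):
    return datetime.fromisoformat(event["t"])


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule, pid, detail) tuples in event order."""
    findings = []
    image_by_pid = {}
    pyc_launches = []
    for e in events:
        if e["type"] == "FileRead":
            if _basename(e["target"]) in VBOX_DLLS:
                findings.append(("vbox_dll_probe", e["pid"], e["target"]))
            continue
        if e["type"] != "ProcessCreate":
            continue
        image_by_pid[e["pid"]] = e["image"]
        # A child whose image equals its parent's image: PyInstaller onefile
        # bootloader pattern; informational unless combined with other hits.
        parent_image = image_by_pid.get(e["ppid"])
        if parent_image and parent_image.lower() == e["image"].lower():
            findings.append(("self_spawn", e["pid"], e["image"]))
        # cmd.exe handing a .pyc in the user's Temp directory to the shell
        m = PYC_VIA_CMD.search(e["cmd"])
        if m and "\\appdata\\local\\temp\\" in m.group("path").lower():
            findings.append(("pyc_launched_via_cmd", e["pid"], m.group("path")))
            pyc_launches.append(e)
        # OpenWith.exe -Embedding shortly after such a launch: the shell found
        # no handler for .pyc, so the module did not actually run.
        if _basename(e["image"]) == "openwith.exe" and "-embedding" in e["cmd"].lower():
            for launch in pyc_launches:
                delta = (_ts(e) - _ts(launch)).total_seconds()
                if 0 <= delta <= OPENWITH_WINDOW_SECONDS:
                    findings.append(("no_pyc_handler", e["pid"], launch["cmd"]))
                    break
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(EVENTS):
        print(f"{rule:22} pid={pid} {detail}")
```

The no_pyc_handler rule is there to stop an analyst from over-reading the cmd /c runs: it confirms the module was handed to the shell and refused, so any later behaviour in that run belongs to the dialog, not to the stealer module. The vbox_dll_probe list is deliberately limited to the two names this report records; extend it from your own telemetry rather than from guesswork.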

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI31522\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI31522\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

MD5 141643e11c48898150daa83802dbc65f
SHA1 0445ed0f69910eeaee036f09a39a13c6e1f37e12
SHA256 86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741
SHA512 ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

C:\Users\Admin\AppData\Local\Temp\_MEI31522\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

MD5 43136dde7dd276932f6197bb6d676ef4
SHA1 6b13c105452c519ea0b65ac1a975bd5e19c50122
SHA256 189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714
SHA512 e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

C:\Users\Admin\AppData\Local\Temp\_MEI31522\python312.dll

MD5 cae8fa4e7cb32da83acf655c2c39d9e1
SHA1 7a0055588a2d232be8c56791642cb0f5abbc71f8
SHA256 8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93
SHA512 db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

\Users\Admin\AppData\Local\Temp\_MEI31522\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI31522\base_library.zip

MD5 763d1a751c5d47212fbf0caea63f46f5
SHA1 845eaa1046a47b5cf376b3dbefcf7497af25f180
SHA256 378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7
SHA512 bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_ctypes.pyd

MD5 c8afa1ebb28828e1115c110313d2a810
SHA1 1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a
SHA256 8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0
SHA512 4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

C:\Users\Admin\AppData\Local\Temp\_MEI31522\python3.DLL

MD5 8dbe9bbf7118f4862e02cd2aaf43f1ab
SHA1 935bc8c5cea4502d0facf0c49c5f2b9c138608ed
SHA256 29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db
SHA512 938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

\Users\Admin\AppData\Local\Temp\_MEI31522\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_lzma.pyd

MD5 8cfbafe65d6e38dde8e2e8006b66bb3e
SHA1 cb63addd102e47c777d55753c00c29c547e2243c
SHA256 6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff
SHA512 fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

\Users\Admin\AppData\Local\Temp\_MEI31522\_hashlib.pyd

MD5 d19cb5ca144ae1fd29b6395b0225cf40
SHA1 5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4
SHA256 f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa
SHA512 9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_wmi.pyd

MD5 bed7b0ced98fa065a9b8fe62e328713f
SHA1 e329ebca2df8889b78ce666e3fb909b4690d2daa
SHA256 5818679010bb536a3d463eeee8ce203e880a8cd1c06bf1cb6c416ab0dc024d94
SHA512 c95f7bb6ca9afba50bf0727e971dff7326ce0e23a4bfa44d62f2ed67ed5fede1b018519dbfa0ed3091d485ed0ace68b52dd0bb2921c9c1e3bc1fa875cd3d2366

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_uuid.pyd

MD5 8f5402bb6aac9c4ff9b4ce5ac3f0f147
SHA1 87207e916d0b01047b311d78649763d6e001c773
SHA256 793e44c75e7d746af2bb5176e46c454225f07cb27b1747f1b83d1748d81ad9ac
SHA512 65fdef32aeba850aa818a8c8bf794100725a9831b5242350e6c04d0bca075762e1b650f19c437a17b150e9fca6ad344ec4141a041fa12b5a91652361053c7e81

\Users\Admin\AppData\Local\Temp\_MEI31522\_ssl.pyd

MD5 6a2b0f8f50b47d05f96deff7883c1270
SHA1 2b1aeb6fe9a12e0d527b042512fc8890eedb10d8
SHA256 68dad60ff6fb36c88ef1c47d1855517bfe8de0f5ddea0f630b65b622a645d53a
SHA512 a080190d4e7e1abb186776ae6e83dab4b21a77093a88fca59ce1f63c683f549a28d094818a0ee44186ddea2095111f1879008c0d631fc4a8d69dd596ef76ca37

\Users\Admin\AppData\Local\Temp\_MEI31522\charset_normalizer\md.cp312-win_amd64.pyd

MD5 d9e0217a89d9b9d1d778f7e197e0c191
SHA1 ec692661fcc0b89e0c3bde1773a6168d285b4f0d
SHA256 ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0
SHA512 3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

\Users\Admin\AppData\Local\Temp\_MEI31522\_queue.pyd

MD5 7d91dd8e5f1dbc3058ea399f5f31c1e6
SHA1 b983653b9f2df66e721ece95f086c2f933d303fc
SHA256 76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d
SHA512 b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

\Users\Admin\AppData\Local\Temp\_MEI31522\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

\Users\Admin\AppData\Local\Temp\_MEI31522\select.pyd

MD5 79ce1ae3a23dff6ed5fc66e6416600cd
SHA1 6204374d99144b0a26fd1d61940ff4f0d17c2212
SHA256 678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0
SHA512 a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

\Users\Admin\AppData\Local\Temp\_MEI31522\_socket.pyd

MD5 e43aed7d6a8bcd9ddfc59c2d1a2c4b02
SHA1 36f367f68fb9868412246725b604b27b5019d747
SHA256 2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a
SHA512 d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

\Users\Admin\AppData\Local\Temp\_MEI31522\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_tkinter.pyd

MD5 e38a6b96f5cc200f21da22d49e321da3
SHA1 4ea69d2b021277ab0b473cfd44e4bfd17e3bac3b
SHA256 f0ebdf2ca7b33c26b8938efa59678068d3840957ee79d2b3c576437f8f913f20
SHA512 3df55cdd44ea4789fb2de9672f421b7ff9ad798917417dcb5b1d8575804306fb7636d436965598085d2e87256ecb476ed69df7af05986f05b9f4a18eed9629e2

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_sqlite3.pyd

MD5 f8869058c1f6f6352309d774c0fefde9
SHA1 4a9fd6c93785c6b6c53f33946e9b1ca5db52a4e9
SHA256 fb00951d39084e88871c813d6c4043ce8afb60ab6d012e699ddd607baa10f6e1
SHA512 37205b755985cdbb16f806cda8e7637164d1d62f410ea07501739215b9e410e91997110600ead999d726cb15ec4aef3abf673e7ad47d3ca076457c89ea2b401c

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_overlapped.pyd

MD5 df92ea698a3d0729b70a4306bbe3029f
SHA1 b82f3a43568148c64a46e2774aec39bf1f2d3c1e
SHA256 46dec978ec8cb2146854739bfeddea93335dcc92a25d719352b94f9517855032
SHA512 bdebafe1b40244a0cb6c97e75424f79cfe395774a9d03cdb02f82083110c1f4bdcac2819ba1845ad1c56e2d2e6506dcc1833e4eb269bb0f620f0eb73b4d47817

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_multiprocessing.pyd

MD5 eb859fc7f54cba118a321440ad088096
SHA1 9d3c410240f4c5269e07ffbde43d6f5e7cc30b44
SHA256 14bdd15d60b9d6141009aeedc606007c42b46c779a523d21758e57cf126dc2a4
SHA512 694a9c1cc3dc78b47faedf66248ff078e5090cfab22e95c123fb99b10192a5748748a5f0937ffd9fd8e1873ad48f290be723fe194b7eb2a731add7f5fb776c4a

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_elementtree.pyd

MD5 cc5f891ee902fe380878e4bd3d82c011
SHA1 3ea48a0cf383b176f4e0ed71ed5e2b9d09dbbd1d
SHA256 d134e731716bb4538596fa42b5b48602ea18e3ebaab1ed0dc04a9e66fed3f5e2
SHA512 0a5e1cb4359ba4d4bc5153de002108b6d760fd9b2a8be11d0091006578dc38f93aa45951648603c738c0580373fbaea3b2534b21ee44107a0e66b3252df92dd3

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_decimal.pyd

MD5 cea3b419c7ca87140a157629c6dbd299
SHA1 7dbff775235b1937b150ae70302b3208833dc9be
SHA256 95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5
SHA512 6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_cffi_backend.cp312-win_amd64.pyd

MD5 d8caf1c098db12b2eba8edae51f31c10
SHA1 e533ac6c614d95c09082ae951b3b685daca29a8f
SHA256 364208a97336f577d99bbaaed6d2cf8a4a24d6693b323de4665f75a964ca041d
SHA512 77e36f4fb44374b7c58a9005a1d7dfeb3214eabb90786e8a7c6593b5b1c7a305d6aa446be7a06ae0ff38f2bedea68cacb39053b7b7ec297bff3571b3922fd938

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_asyncio.pyd

MD5 cc0f232f2a8a359dee29a573667e6d77
SHA1 d3ffbf5606d9c77a0de0b7456f7a5314f420b1f7
SHA256 7a5c88ce496bafdf31a94ae6d70b017070703bc0a7da1dfae7c12b21bb61030d
SHA512 48484177bf55179607d66f5a5837a35cd586e8a9fb185de8b10865aab650b056a61d1dc96370c5efc6955ccb4e34b31810f8e1c8f5f02d268f565a73b4ff5657

C:\Users\Admin\AppData\Local\Temp\_MEI31522\zlib1.dll

MD5 5eac41b641e813f2a887c25e7c87a02e
SHA1 ec3f6cf88711ef8cfb3cc439cb75471a2bb9e1b5
SHA256 b1f58a17f3bfd55523e7bef685acf5b32d1c2a6f25abdcd442681266fd26ab08
SHA512 cad34a495f1d67c4d79ed88c5c52cf9f2d724a1748ee92518b8ece4e8f2fe1d443dfe93fb9dba8959c0e44c7973af41eb1471507ab8a5b1200a25d75287d5de5

C:\Users\Admin\AppData\Local\Temp\_MEI31522\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI31522\unicodedata.pyd

MD5 b848e259fabaf32b4b3c980a0a12488d
SHA1 da2e864e18521c86c7d8968db74bb2b28e4c23e2
SHA256 c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c
SHA512 4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

C:\Users\Admin\AppData\Local\Temp\_MEI31522\tk86t.dll

MD5 966580716c0d6b7eec217071a6df6796
SHA1 e3d2d4a7ec61d920130d7a745586ceb7aad4184d
SHA256 afc13fce0690c0a4b449ec7ed4fb0233a8359911c1c0ba26a285f32895dbb3d2
SHA512 cf0675ea888a6d1547842bcfb27d45815b164337b4a285253716917eb157c6df3cc97cba8ad2ab7096e8f5131889957e0555bae9b5a8b64745ac3d2f174e3224

C:\Users\Admin\AppData\Local\Temp\_MEI31522\tcl86t.dll

MD5 3ae729942d15f4f48b1ea8c91880f1f4
SHA1 d27596d14af5adeb02edab74859b763bf6ac2853
SHA256 fe62ca2b01b0ec8a609b48f165ca9c6a91653d3966239243ad352dd4c8961760
SHA512 355800e9152daad675428421b867b6d48e2c8f8be9ca0284f221f27fae198c8f07d90980e04d807b50a88f92ffb946dc53b7564e080e2e0684f7f6ccc84ff245

C:\Users\Admin\AppData\Local\Temp\_MEI31522\sqlite3.dll

MD5 956ef70f60fb099d31a79fa7334359ad
SHA1 336a78492c0e10fab4baa0add7552e52f61dd110
SHA256 809c7b48b73c95b361d13c753e7a6e3c83124a27e18aac81df7c876f32e98e00
SHA512 7fd74b92e32a385b193264d0f08a390eec672e508ef85bf0439bdb713a9c8909688f845bcacd4adb3dd91b08a3eb40ae32532a08fc9378ed4530646fb871fd50

C:\Users\Admin\AppData\Local\Temp\_MEI31522\SDL2_ttf.dll

MD5 f187dfdccc102436e27704dc572a2c16
SHA1 be4d499e66b8c4eb92480e4f520ccd8eaaa39b04
SHA256 fcdfabdfce868eb33f7514025ff59c1bb6c418f1bcd6ace2300a9cd4053e1d63
SHA512 75002d96153dfd2bfdd6291f842fb553695ef3997012dae0b9a537c95c3f3a83b844a8d1162faefcddf9e1807f3db23b1a10c2789c95dd5f6fad2286bae91afb

C:\Users\Admin\AppData\Local\Temp\_MEI31522\SDL2_mixer.dll

MD5 201aa86dc9349396b83eed4c15abe764
SHA1 1a239c479e275aa7be93c5372b2d35e98d8d8cec
SHA256 2a0fc5e9f72c2eaec3240cb82b7594a58ccda609485981f256b94d0a4dd8d6f8
SHA512 bb2cd185d1d936ceca3cc20372c98a1b1542288ad5523ff8b823fb5e842205656ec2f615f076929c69987c7468245a452238b509d37109c9bec26be5f638f3b7

C:\Users\Admin\AppData\Local\Temp\_MEI31522\SDL2_image.dll

MD5 b8d249a5e394b4e6a954c557af1b80e6
SHA1 b03bb9d09447114a018110bfb91d56ef8d5ec3bb
SHA256 1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194
SHA512 2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

C:\Users\Admin\AppData\Local\Temp\_MEI31522\SDL2.dll

MD5 83c5ff24eae3b9038d74ad91dc884e32
SHA1 81bf9f8109d73604768bf5310f1f70af62b72e43
SHA256 520d0459b91efa32fbccf9027a9ca1fc5aae657e679ce8e90f179f9cf5afd279
SHA512 38ff01891ad5093d0e4f222c5ab703a540514271bf3b94fb65f910193262af722adb9d4f4d2bd6a54c090a7d631d8c98497b7d78bd21359fdea756ff3ac63689

C:\Users\Admin\AppData\Local\Temp\_MEI31522\pyexpat.pyd

MD5 815f1bdabb79c6a12b38d84aa343196d
SHA1 916483149875a5e20c6046ceffef62dd6089ddd5
SHA256 31712ae276e2ced05ecda3e1c08fbbcc2cff8474a972626aba55f7797f0ed8c9
SHA512 1078e7e48b6f6ed160ae2bccf80a43a5f1cca769b8a690326e112bf20d7f3d018f855f6aa3b56d315dc0853472e0affcfe8e910b5ce69ce952983cfaa496c21d

C:\Users\Admin\AppData\Local\Temp\_MEI31522\portmidi.dll

MD5 df538704b8cd0b40096f009fd5d1b767
SHA1 d2399fbb69d237d43624e987445694ec7e0b8615
SHA256 c9f8d9043ac1570b10f104f2d00aec791f56261c84ee40773be73d0a3822e013
SHA512 408de3e99bc1bfb5b10e58ae621c0f9276530913ff26256135fe44ce78016de274cbe4c3e967457eb71870aad34dfeb362058afcebfa2d9e64f05604ab1517d4

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libwebp-7.dll

MD5 2c5aca898ff88eb2c9028bbeefebbd1e
SHA1 7a0048674ef614bebe6cc83b1228d670372076c9
SHA256 9a53563b6058f70f2725029b7dd2fe96f869c20e8090031cd303e994dfe07b50
SHA512 46fe8b151e3a13ab506c4fc8a9f3f0f47b21f64f37097a4f1f573b547443ed23e7b2f489807c1623fbc41015f7da11665d88690d8cd0ddd61aa53789586c5a13

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libtiff-5.dll

MD5 7d40a697ca6f21a8f09468b9fce565ad
SHA1 dc3b7f7fc0d9056af370e06f1451a65e77ff07f7
SHA256 ebfe97ac5ef26b94945af3db5ffd110a4b8e92dc02559bf81ccb33f0d5ebce95
SHA512 5a195e3123f7f17d92b7eca46b9afa1ea600623ad6929ac29197447bb4d474a068fd5f61fca6731a60514125d3b0b2cafe1ff6be3a0161251a366355b660d61a

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libpng16-16.dll

MD5 3a26cd3f92436747d2285dcef1fae67f
SHA1 e3d1403be06beb32fc8dc7e8a58c31e18b586a70
SHA256 e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5
SHA512 73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libopusfile-0.dll

MD5 245498839af5a75cd034190fe805d478
SHA1 d164c38fd9690b8649afaef7c048f4aabb51dba8
SHA256 ccaaca81810bd2d1cab4692b4253a639f8d5516996db0e24d881efd3efdcc6a4
SHA512 4181dea590cbc7a9e06729b79201aa29e8349408cb922de8d4cda555fc099b3e10fee4f5a9ddf1a22eaec8f5ede12f9d6e37ed7ad0486beb12b7330cca51a79e

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libopus-0.x64.dll

MD5 0e078e75ab375a38f99245b3fefa384a
SHA1 b4c2fda3d4d72c3e3294beb8aa164887637ca22a
SHA256 c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131
SHA512 fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libopus-0.dll

MD5 e1adac219ec78b7b2ac9999d8c2e1c94
SHA1 6910ec9351bee5c355587e42bbb2d75a65ffc0cf
SHA256 771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806
SHA512 da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libogg-0.dll

MD5 307ef797fc1af567101afba8f6ce6a8c
SHA1 0023f520f874a0c3eb3dc1fe8df73e71bde5f228
SHA256 57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe
SHA512 5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libmodplug-1.dll

MD5 ead020db018b03e63a64ebff14c77909
SHA1 89bb59ae2b3b8ec56416440642076ae7b977080e
SHA256 0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e
SHA512 c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

C:\Users\Admin\AppData\Local\Temp\_MEI31522\libjpeg-9.dll

MD5 c540308d4a8e6289c40753fdd3e1c960
SHA1 1b84170212ca51970f794c967465ca7e84000d0e
SHA256 3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69
SHA512 1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

C:\Users\Admin\AppData\Local\Temp\_MEI31522\freetype.dll

MD5 236f879a5dd26dc7c118d43396444b1c
SHA1 5ed3e4e084471cf8600fb5e8c54e11a254914278
SHA256 1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f
SHA512 cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

C:\Users\Admin\AppData\Local\Temp\_MEI31522\_bz2.pyd

MD5 dd26ed92888de9c57660a7ad631bb916
SHA1 77d479d44d9e04f0a1355569332233459b69a154
SHA256 324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697
SHA512 d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897
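
Two details of the dropped-file listings above matter when turning them into indicators. The PyInstaller extraction directory is named _MEI followed by a number that changes every run (this run used _MEI31522, the earlier listing used _MEI36122), so a path-based IOC must not include it; and the report records some paths without the drive letter (\Users\Admin\... beside C:\Users\Admin\...), which defeats naive string matching. The script below is an added example, not part of the original report: it parses entries in the report's "path, blank line, MD5/SHA1/SHA256/SHA512" layout, normalises the path, merges the same file seen across runs by normalised path and SHA256, and flags a path that appears with two different hashes. The sample entries are copied from this report (SHA512 lines omitted for brevity; the parser accepts them); the _MEI<pid> placeholder is this example's own convention.

```python
"""Turn the report's dropped-file listings into de-duplicated IOC records.

Added example, not the report's own code. Entry layout follows the report:
a path line, then one "ALGO hexdigest" line per hash.
"""
import re

# Constructed input: five entries copied from this report, two of them from the
# earlier _MEI36122 run and three from the _MEI31522 run above. Two of the
# _MEI31522 paths lack the drive letter, exactly as the report prints them.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Temp\_MEI36122\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

C:\Users\Admin\AppData\Local\Temp\_MEI36122\charset_normalizer\md.cp312-win_amd64.pyd

MD5 d9e0217a89d9b9d1d778f7e197e0c191
SHA1 ec692661fcc0b89e0c3bde1773a6168d285b4f0d
SHA256 ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

C:\Users\Admin\AppData\Local\Temp\_MEI31522\python312.dll

MD5 cae8fa4e7cb32da83acf655c2c39d9e1
SHA1 7a0055588a2d232be8c56791642cb0f5abbc71f8
SHA256 8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

\Users\Admin\AppData\Local\Temp\_MEI31522\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

\Users\Admin\AppData\Local\Temp\_MEI31522\charset_normalizer\md.cp312-win_amd64.pyd

MD5 d9e0217a89d9b9d1d778f7e197e0c191
SHA1 ec692661fcc0b89e0c3bde1773a6168d285b4f0d
SHA256 ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0
"""

MEI_DIR = re.compile(r"_MEI\d+", re.I)
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$", re.I)


def normalize_path(path):
    """Restore a missing drive letter and replace the per-run _MEI directory."""
    p = path.strip()
    if p.startswith("\\"):            # report sometimes omits the drive letter
        p = "C:" + p
    return MEI_DIR.sub("_MEI<pid>", p)  # placeholder is this example's convention


def parse_files(text):
    """Parse 'path / hash lines' entries into dicts keyed by hash algorithm."""
    records = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current[m.group(1).upper()] = m.group(2).lower()
        else:
            current = {"path": line}
            records.append(current)
    return records


def merge_iocs(records):
    """Merge entries that are the same file (normalised path + SHA256) across runs."""
    merged = {}
    for r in records:
        key = (normalize_path(r["path"]), r.get("SHA256"))
        entry = merged.setdefault(key, {"path": key[0], "sha256": key[1],
                                        "seen": 0, "original_paths": []})
        entry["seen"] += 1
        entry["original_paths"].append(r["path"])
    return list(merged.values())


def conflicting_paths(iocs):
    """Normalised paths seen with more than one SHA256: worth a second look."""
    by_path = {}
    for ioc in iocs:
        by_path.setdefault(ioc["path"], set()).add(ioc["sha256"])
    return sorted(p for p, hashes in by_path.items() if len(hashes) > 1)


if __name__ == "__main__":
    iocs = merge_iocs(parse_files(SAMPLE_FILES))
    for ioc in iocs:
        print(ioc["seen"], ioc["sha256"], ioc["path"])
    print("conflicts:", conflicting_paths(iocs))
```

On the entries above the merge collapses five records to three, confirming that libcrypto-3.dll and the charset_normalizer extension are byte-identical between the two runs. Most of what is listed under _MEI31522 is the Python 3.12 runtime, OpenSSL, SDL2 and Tk libraries that PyInstaller bundles, so hash IOCs built from this table will also match any other PyInstaller build that ships the same versions; the hashes that identify this family are those of the extracted .pyc modules the other runs launch, and those are not in this listing.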

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-22 20:53

Reported

2024-08-22 21:24

Platform

win10-20240404-en

Max time kernel

616s

Max time network

1608s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 224.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 138.91.171.81:80 N/A tcp
US 8.8.8.8:53 7.6.57.23.in-addr.arpa udp

Files

N/A