Analysis Overview
SHA256
b4a5392fe433b3647a8b9e9d8d42475dd1c9c8519798edbab270f0506559d4e3
Threat Level: Likely malicious
The file TEST..exe was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
Reads user/profile data of web browsers
Drops startup file
Legitimate hosting services abused for malware hosting/C2
UPX packed file
Unsigned PE
Detects Pyinstaller
System Network Configuration Discovery: Wi-Fi Discovery
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-26 05:16
Signatures
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 05:16
Reported
2024-10-26 05:18
Platform
win11-20241023-en
Max time kernel
8s
Max time network
7s
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TEST..exe | C:\Users\Admin\AppData\Local\Temp\TEST..exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
UPX packed file
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TEST..exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TEST..exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TEST..exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TEST..exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\TEST..exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TEST..exe
"C:\Users\Admin\AppData\Local\Temp\TEST..exe"
C:\Users\Admin\AppData\Local\Temp\TEST..exe
"C:\Users\Admin\AppData\Local\Temp\TEST..exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\AppData" & powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath %USERPROFILE%\Local" & powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\AppData"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath C:\Users\Admin\Local"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Set-MpPreference -ExclusionExtension '.exe'"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI49162\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER
C:\Users\Admin\AppData\Local\Temp\_MEI49162\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE
C:\Users\Admin\AppData\Local\Temp\_MEI49162\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL
C:\Users\Admin\AppData\Local\Temp\_MEI49162\python313.dll
C:\Users\Admin\AppData\Local\Temp\_MEI49162\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI49162\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\python3.DLL
C:\Users\Admin\AppData\Local\Temp\_MEI49162\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI49162\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\libcrypto-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\libssl-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI49162\setuptools\_vendor\jaraco\text\Lorem ipsum.txt
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_wmi.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_uuid.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_sqlite3.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_overlapped.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_multiprocessing.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_elementtree.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_decimal.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_cffi_backend.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\_asyncio.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI49162\psutil\_psutil_windows.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\charset_normalizer\md.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\certifi\cacert.pem
C:\Users\Admin\AppData\Local\Temp\_MEI49162\Cryptodome\Cipher\_raw_ecb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\Cryptodome\Cipher\_raw_cbc.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\Cryptodome\Cipher\_raw_cfb.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI49162\Cryptodome\Cipher\_raw_ofb.pyd
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4k1wnicz.chy.ps1
C:\Users\Admin\AppData\Local\Temp\GT6P8jaVO5\Browser\history.txt
C:\Users\Admin\AppData\Local\Temp\GT6P8jaVO5\Browser\cc's.txt