Malware Analysis Report

2025-08-05 14:43

Sample ID 250701-hwqs6agp8t
Target 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar
SHA256 2d2417d98fc2a2d9db515f099256898326e518b8046f8ca5df48a21318ef96ec
Tags
defense_evasion discovery execution spyware stealer pyinstaller
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

2d2417d98fc2a2d9db515f099256898326e518b8046f8ca5df48a21318ef96ec

Threat Level: Likely malicious

The file 2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery execution spyware stealer pyinstaller

Disables Task Manager via registry modification

Drops file in Drivers directory

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Command and Scripting Interpreter: PowerShell

Unsigned PE

Detects Pyinstaller

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-01 07:05

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-01 07:05

Reported

2025-07-01 07:08

Platform

win10v2004-20250619-en

Max time kernel

102s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

Signatures

Disables Task Manager via registry modification

defense_evasion

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A api.gofile.io N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A ip-api.com N/A N/A

Browser Information Discovery

discovery

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3008489981-1977616533-741913813-1000\{2D381A33-AA54-48EC-8DBD-EDB55ED66BEF} C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
PID 876 wrote to memory of 1940 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 876 wrote to memory of 3960 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 876 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 876 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 876 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 876 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 876 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4348 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-01_83dda7744f9b5b294359beaa82e8a432_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 api.ipify.org udp
US 172.67.74.152:443 api.ipify.org tcp
US 8.8.8.8:53 redtiger.shop udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 api.gofile.io udp
FR 45.112.123.126:443 api.gofile.io tcp
US 8.8.8.8:53 store4.gofile.io udp
FR 31.14.70.245:443 store4.gofile.io tcp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI20402\python313.dll

MD5 5acd4d4f35e13ef79c883ace05c4eaf5
SHA1 03a2944b87b8a6fe0bff5336978ed6558deda5a2
SHA256 0565965617d94274d7f2c2958d0bef33392cd9d2f346f99d8e1bedbdf264ee85
SHA512 f1bb13fac80f28e2419479ee14e41dbcba8fbdc0ca3698d01a8ccddf2bc2fe3a4cf90acf2fd42e4a2f1ec49751d0c66cbc7b59fb8a43fc4dcb7b892cae76e525

C:\Users\Admin\AppData\Local\Temp\_MEI20402\VCRUNTIME140.dll

MD5 32da96115c9d783a0769312c0482a62d
SHA1 2ea840a5faa87a2fe8d7e5cb4367f2418077d66b
SHA256 052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
SHA512 616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087

C:\Users\Admin\AppData\Local\Temp\_MEI20402\base_library.zip

MD5 0414707680d8d7de3f9dbe4afe12470f
SHA1 f45e8ecb11b8300862a5f68aec382f69f2eea1c6
SHA256 ec0b8a00bfb4ebc1c86297c7dd47efe3a0ce9976a71da1b01647d7ac55d61eb0
SHA512 a7b00d925b7751555bab41554798e858b0f6a086c093aa1e68c10c62254ac5d3d15200f0ad755883bac306b701c2e3c9045ae9a388fa20861c9215fbc5f53dd1

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_ctypes.pyd

MD5 ab19e3dd4731ed075589abadcde68991
SHA1 b51ed4059d7d0ec7cbd5b34767e310bdee9cb4d4
SHA256 697d05cac7c167c00ccf22ea4fdbc7a8db93ab9c6421061191558e42478068c5
SHA512 6aa9cb0e5cc9514d71bf7a2ab21d24a3fd5ef0eb0f0e7bf26a4a807914c7a3cadf73e1bd6cdd9f31d8594b72272eaccc79632f9dfd9534da5c8217d0eb0e9cda

C:\Users\Admin\AppData\Local\Temp\_MEI20402\python3.DLL

MD5 c947a886e61ad18d052840e095aaa5fc
SHA1 4a2d0092e50757e0b951565c02dd541ab48da96e
SHA256 85d02d4c7e28c0f183415dc2be5fe8e06aa7fa0567673c75c65c0031f59e1e8b
SHA512 d4b3d769fa4c22e914e12ac8b63263bacda72b351bea5bd53ba1d0fd6a6c57c98fc392645170f26e7c84fdf855fbe587615f4f3b1f150285420f5b26bda2da0a

C:\Users\Admin\AppData\Local\Temp\_MEI20402\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_lzma.pyd

MD5 d165b7b9a127f66704ceaa196be319e5
SHA1 ee3de55b32d1357599cef86df35e307477038a15
SHA256 b78f5a8476139ff04731046459efd047bb8f52dc92c5b2082eabf2929c0ca02d
SHA512 b99214ce14899656f9c0fd23b219d06de383aff95b344def145a9304c47e41b1645bd3544f4fb83ac070d42951de228873a99feb98948910fdd0e7fcc54a3122

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_bz2.pyd

MD5 ed9f4c1cf33db08cac3c7ba7a973e61b
SHA1 b0db47ca7be3df00d1585fdabe13fb983cfed04d
SHA256 965f199679afa9b31d537d98c3ca8403afd6b9e58e1a463ae47697ae4bf12771
SHA512 dc5f79944f9acf910d4af892d8a7c2368d2de29bf8ade2feecb056b2b3416d55bd22aacd16a7dc4488c4a1a5682409430f6f210e7396af4f14fd5f307ba1926c

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_wmi.pyd

MD5 609206d81f38626f1c022d1a0ff1466b
SHA1 cef724eceae7995d425c169912e292ac43572ed7
SHA256 a7cc096244a497219269a3ee1cf2526a2b613d73fa566749f8f2408f5f4117d4
SHA512 e973f30ee976b580913f3a5c2d762364897054f958fb26236eeccd17832cce0bfa1bc04c0981d221c0536f5c9b1d21551ec12a873cbae64fc6b50634dc9d0166

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_uuid.pyd

MD5 8cdd2cc12be9491bf150e366e81217be
SHA1 6567dba49c9bac718a1badb504fe83b1d3755c66
SHA256 6a3e6d89e71a803609e6e765a592011427a5b6e7a4766bbca7790b601bb66dbe
SHA512 c573f46295699a7314dde633b04e331f292aeafb36f813055144c95f24bc386ce23704980e3cb6a491d4a05e207cf2517526fd0c602b53cf514a7c2b8d27a338

C:\Users\Admin\AppData\Local\Temp\_MEI20402\select.pyd

MD5 e5728d041bfb1841fc460db4027a2952
SHA1 71e6aaa90e905a72ac83450796af4fb2bb3503d7
SHA256 d1e486de9653640be7c3a9bed04aa716b29ea76a69e1de758dd9fa708f2c9d38
SHA512 a53efe3872b035445b7d66a71dffb690cfd00ff6296af25d0dbdfe92c904a8d06442c91e9638b2d5e54420f6998220d65f39b35ef3c1a87e812e9deea1967ab9

C:\Users\Admin\AppData\Local\Temp\_MEI20402\PyQt5\sip.cp313-win_amd64.pyd

MD5 c1ee7b155ad3fc4c7cc29999671ec2b9
SHA1 25b7ede05a8c8904ac333a96e1e95766d1d1c5ba
SHA256 e63580748533698abdafaff1210f5bb0247b36ee987d0180076eaaa46245c0d2
SHA512 1e8f882403cf944b635049f7f7dbbd68353d62c06320f0aac0cb2cbc84568f6fadf849c447f9e41cc10dd61bd6cbd7cf7eafe516a955f20ce6a09d1992b2ce85

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_hashlib.pyd

MD5 9ec1021fa8a3c252e1f805ac7f172753
SHA1 773a3069dfb3711cb6f07c1c4dbfbab8b7c779d1
SHA256 1430e4a2ed19eda840668a292c39ff44488b598f53e903a61739a86b779ecbfe
SHA512 0940c59f5c1c4afe5457d16aa5053aa7e27de1ac2748de5a0614ec01d630f76d75a86159260a6c53209d098da16d50fa0c4ee3427c04a38180fe9eccc4e6b034

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

C:\Users\Admin\AppData\Local\Temp\_MEI20402\pywin32_system32\pywintypes313.dll

memory/876-1240-0x00007FF85D6A0000-0x00007FF85D903000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI20402\win32\win32api.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\PyQt5\Qt5\bin\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\PyQt5\Qt5\bin\MSVCP140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\PyQt5\Qt5\bin\MSVCP140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\PyQt5\Qt5\bin\Qt5Core.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\PyQt5\QtCore.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_tkinter.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_cffi_backend.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\zlib1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI20402\tk86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\tcl86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI20402\pyexpat.pyd

memory/1940-1259-0x000002C3785A0000-0x000002C3785B0000-memory.dmp

memory/1940-1260-0x000002C3785A0000-0x000002C3785B0000-memory.dmp

memory/1940-1261-0x000002C378520000-0x000002C378542000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_12jzugap.5ep.ps1

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Windows\System32\drivers\etc\hosts
