Malware Analysis Report

2025-08-05 14:42

Sample ID 250703-f55bsstyds
Target 2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar
SHA256 83f63eb236fb1985f6d9daacdf58d16710904f4d2f2e724682e07c4cb45cd5ff
Tags
pyinstaller
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Looks up external IP address via web service

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:28

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:28

Reported

2025-07-03 05:31

Platform

win10v2004-20250502-en

Max time kernel

103s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A api.ipify.org N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a0 0x3cc

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:80 ipinfo.io tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
US 104.26.13.205:443 api.ipify.org tcp
US 8.8.8.8:53 0d74-194-28-65-110.ngrok-free.app udp
DE 18.158.249.75:443 0d74-194-28-65-110.ngrok-free.app tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI56562\python313.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI56562\python3.DLL
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\libcrypto-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_wmi.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_uuid.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_overlapped.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_multiprocessing.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_elementtree.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_decimal.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_cffi_backend.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_asyncio.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\remote_settings.json
C:\Users\Admin\AppData\Local\Temp\_MEI56562\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\libssl-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\setuptools\_vendor\jaraco\text\Lorem ipsum.txt
C:\Users\Admin\AppData\Local\Temp\_MEI56562\charset_normalizer\md__mypyc.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\charset_normalizer\md.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\certifi\cacert.pem
C:\Users\Admin\AppData\Local\Temp\_MEI56562\PIL\_imaging.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\numpy\_core\_multiarray_umath.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\cv2\__init__.py
C:\Users\Admin\AppData\Local\Temp\_MEI56562\numpy.libs\msvcp140-263139962577ecda4cd9469ca360a746.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\numpy.libs\libscipy_openblas64_-13e2df515630b4a41f92893938845698.dll
C:\Users\Admin\AppData\Local\Temp\_MEI56562\numpy\linalg\_umath_linalg.cp313-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI56562\cv2\load_config_py3.py

memory/1596-151-0x00007FF8FF7D0000-0x00007FF900B4B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-03 05:28

Reported

2025-07-03 05:31

Platform

win11-20250610-en

Max time kernel

99s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A api.ipify.org N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0c61fd5426aa2454376bca0605f9d6b2_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC

Network

Country Destination Domain Proto
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:80 ipinfo.io tcp
US 104.26.12.205:443 api.ipify.org tcp
US 104.26.12.205:443 api.ipify.org tcp
DE 3.124.142.205:443 0d74-194-28-65-110.ngrok-free.app tcp
US 104.208.16.91:443 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI39962\python313.dll

MD5 5acd4d4f35e13ef79c883ace05c4eaf5
SHA1 03a2944b87b8a6fe0bff5336978ed6558deda5a2
SHA256 0565965617d94274d7f2c2958d0bef33392cd9d2f346f99d8e1bedbdf264ee85
SHA512 f1bb13fac80f28e2419479ee14e41dbcba8fbdc0ca3698d01a8ccddf2bc2fe3a4cf90acf2fd42e4a2f1ec49751d0c66cbc7b59fb8a43fc4dcb7b892cae76e525

C:\Users\Admin\AppData\Local\Temp\_MEI39962\VCRUNTIME140.dll

MD5 32da96115c9d783a0769312c0482a62d
SHA1 2ea840a5faa87a2fe8d7e5cb4367f2418077d66b
SHA256 052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
SHA512 616c78b4a24761d4640ae2377b873f7779322ef7bc26f8de7da0d880b227c577ed6f5ed794fc733468477b2fcdb7916def250e5dc63e79257616f99768419087

C:\Users\Admin\AppData\Local\Temp\_MEI39962\base_library.zip

MD5 12b742214042b6ea12b3c7df6986ec32
SHA1 d747db4194529d73c67d9ab15a4fcadc4e6db0e9
SHA256 c07831a21cb6b8acde1aef4e06628bf498ca801cb7283048c9862d0dbe5d81bf
SHA512 65b4854540d087e186f918373f8aedbb5adb568d7b23185708949ac305e75b1793b3600db02ed3457256982783ad072f5263ae2296fc86d5eb11267be9568d88

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_ctypes.pyd

MD5 ab19e3dd4731ed075589abadcde68991
SHA1 b51ed4059d7d0ec7cbd5b34767e310bdee9cb4d4
SHA256 697d05cac7c167c00ccf22ea4fdbc7a8db93ab9c6421061191558e42478068c5
SHA512 6aa9cb0e5cc9514d71bf7a2ab21d24a3fd5ef0eb0f0e7bf26a4a807914c7a3cadf73e1bd6cdd9f31d8594b72272eaccc79632f9dfd9534da5c8217d0eb0e9cda

C:\Users\Admin\AppData\Local\Temp\_MEI39962\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_lzma.pyd

MD5 d165b7b9a127f66704ceaa196be319e5
SHA1 ee3de55b32d1357599cef86df35e307477038a15
SHA256 b78f5a8476139ff04731046459efd047bb8f52dc92c5b2082eabf2929c0ca02d
SHA512 b99214ce14899656f9c0fd23b219d06de383aff95b344def145a9304c47e41b1645bd3544f4fb83ac070d42951de228873a99feb98948910fdd0e7fcc54a3122

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_bz2.pyd

MD5 ed9f4c1cf33db08cac3c7ba7a973e61b
SHA1 b0db47ca7be3df00d1585fdabe13fb983cfed04d
SHA256 965f199679afa9b31d537d98c3ca8403afd6b9e58e1a463ae47697ae4bf12771
SHA512 dc5f79944f9acf910d4af892d8a7c2368d2de29bf8ade2feecb056b2b3416d55bd22aacd16a7dc4488c4a1a5682409430f6f210e7396af4f14fd5f307ba1926c

C:\Users\Admin\AppData\Local\Temp\_MEI39962\python3.dll

MD5 c947a886e61ad18d052840e095aaa5fc
SHA1 4a2d0092e50757e0b951565c02dd541ab48da96e
SHA256 85d02d4c7e28c0f183415dc2be5fe8e06aa7fa0567673c75c65c0031f59e1e8b
SHA512 d4b3d769fa4c22e914e12ac8b63263bacda72b351bea5bd53ba1d0fd6a6c57c98fc392645170f26e7c84fdf855fbe587615f4f3b1f150285420f5b26bda2da0a

C:\Users\Admin\AppData\Local\Temp\_MEI39962\libcrypto-3.dll

MD5 ae5b2e9a3410839b31938f24b6fc5cd8
SHA1 9f9a14efc15c904f408a0d364d55a144427e4949
SHA256 ccfffddcd3defb8d899026298af9af43bc186130f8483d77e97c93233d5f27d7
SHA512 36ea760a7b56ea74174882155eddfb8726828240fcfc6b34d90ecdb7e50a7e632374dcbc9b2889081c0973cc51f50967e7d692498c4abd1f2cba3f7fe8d659cc

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_wmi.pyd

MD5 609206d81f38626f1c022d1a0ff1466b
SHA1 cef724eceae7995d425c169912e292ac43572ed7
SHA256 a7cc096244a497219269a3ee1cf2526a2b613d73fa566749f8f2408f5f4117d4
SHA512 e973f30ee976b580913f3a5c2d762364897054f958fb26236eeccd17832cce0bfa1bc04c0981d221c0536f5c9b1d21551ec12a873cbae64fc6b50634dc9d0166

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_uuid.pyd

MD5 8cdd2cc12be9491bf150e366e81217be
SHA1 6567dba49c9bac718a1badb504fe83b1d3755c66
SHA256 6a3e6d89e71a803609e6e765a592011427a5b6e7a4766bbca7790b601bb66dbe
SHA512 c573f46295699a7314dde633b04e331f292aeafb36f813055144c95f24bc386ce23704980e3cb6a491d4a05e207cf2517526fd0c602b53cf514a7c2b8d27a338

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_queue.pyd

MD5 8fc4810cff733e6f17a7530d3fb67d58
SHA1 20163031892c87a67169f4ae25115e4e33845626
SHA256 08050f94efe7bdd9d7cbe85b1196de391cac1b30f4a4918610cb174ae529a5db
SHA512 c45ebdb450f30d034ba113729ada2a006baa2ad8c7a83cc59ee55e6fd10511d6f663b1d7f24fbcd493884a84cbedd1368e3a2136ff7da58fb47394147b021f45

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_ssl.pyd

MD5 893ee1e905ec5a1f74b10d73a8b94e6a
SHA1 23d6eb756eb48c1632b02a24f53aacf71bdfa409
SHA256 11572f6eb63e43cdc2908812506ffcdab21be2be5931f1e38d856c15f5a79e6c
SHA512 237c9b37f4b44ae37726f3fef750f6eda65b9d8a540f386c5a43e1bcef400dfed0f9f37f2dc4042fe0c4fec0ed9aeb700797396bae2e5f052525851760288b61

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_socket.pyd

MD5 c2938dbdcdaba1ccbefee37f6a06cd0c
SHA1 944cb024144f327ba517ccf72af9bb9a79b8b23e
SHA256 c63e8e6a369cbe86e57c9823fb48bc5d4e7bb18455b9b001986b4768c49007da
SHA512 79e9f40665b7049c9feb04742a91c8c88749c1998794f1a51ac7b47a5f5ac3c1a2b441dcb9cd126e395581d9553305c24356b54d81d0a9fbecb41a4341af776f

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_overlapped.pyd

MD5 4a721637bc0c8b53d13485f5030da7b5
SHA1 7424dde1d136649e68b1f13cd0e738a1d428393a
SHA256 fae5e0e822434da7b1707b9ae4c77b8fa7d1d7b810e7e2f5cacf04449c714086
SHA512 fff4270fd6d759d31ae6784510208ab4d2eb0b454799d393f4d2155a6dad9c8b836233eb3d233002491019bbeba87e9e862c8eee608a51a0f83194a9a5110e13

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39962\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39962\charset_normalizer\md.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\certifi\cacert.pem

C:\Users\Admin\AppData\Local\Temp\_MEI39962\charset_normalizer\md__mypyc.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

C:\Users\Admin\AppData\Local\Temp\_MEI39962\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_cffi_backend.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\remote_settings.json

C:\Users\Admin\AppData\Local\Temp\_MEI39962\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\PIL\_imaging.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\cv2\__init__.py

C:\Users\Admin\AppData\Local\Temp\_MEI39962\numpy\_core\_multiarray_umath.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\numpy.libs\msvcp140-263139962577ecda4cd9469ca360a746.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39962\numpy.libs\libscipy_openblas64_-13e2df515630b4a41f92893938845698.dll

C:\Users\Admin\AppData\Local\Temp\_MEI39962\numpy\linalg\_umath_linalg.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI39962\cv2\load_config_py3.py

memory/5016-151-0x00007FFC0A160000-0x00007FFC0B4DB000-memory.dmp