ID: 206284
Sample Name: murmurhash-1.0.2-cp37-cp37m-win_amd64.whl
Cookbook: default.jbs
Time: 08:45:36
Date: 06/02/2020
Version: 28.0.0 Lapis Lazuli

Copyright Joe Security LLC 2020

Analysis Report murmurhash-1.0.2-cp37-cp37m-win_amd64.whl

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 206284
Start date: 06.02.2020
Start time: 08:45:36
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 5s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: murmurhash-1.0.2-cp37-cp37m-win_amd64.whl (renamed file extension from whl to zip)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean4.winZIP@4/16@0/0
EGA Information: Successful, ratio: 100%
HDC Information: Failed
HCA Information: Successful, ratio: 100%
Number of executed functions: 0
Number of non-executed functions: 0
Cookbook Comments: Adjust boot time; Enable AMSI; Stop behavior analysis, all processes terminated
Warnings: Exclude process from analysis (whitelisted): dllhost.exe

Detection

Strategy: Threshold
Score: 4
Range: 0 - 100
Reporting Whitelisted: false

Confidence

Strategy: Threshold
Score: 4
Range: 0 - 5
Further Analysis Required?: false

Classification

[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Levels: malicious, suspicious, clean.]

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Process Injection 1 1; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Disabling Security Tools 1; Virtualization/Sandbox Evasion 2; Process Injection 1 1; Obfuscated Files or Information 1
Credential Access: Input Capture 1; Network Sniffing; Input Capture; Credentials in Files
Discovery: Virtualization/Sandbox Evasion 2; System Information Discovery 3; Query Registry; System Network Configuration Discovery
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management; Logon Scripts
Collection: Input Capture 1; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Encrypted 1; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol 1; Fallback Channels; Custom Cryptographic Protocol; Multiband Communication
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap

Signature Overview

• Software Vulnerabilities
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection


Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)

Networking:

Urls found in memory or binary data

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Creates a DirectInput object (often for capturing keystrokes)

System Summary:

Detected potential crypto function

Classification label

Creates mutexes

Creates temporary files

Parts of this application are using the .NET runtime (probably coded in C#)

Reads software policies

Spawns processes

Uses new MSVCR Dlls

Persistence and Installation Behavior:

Drops PE files

Hooking and other Techniques for Hiding and Protection:

Disables application error messages (SetErrorMode)

Malware Analysis System Evasion:

Contains long sleeps (>= 3 min)

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

Contains functionality to query system information

Anti Debugging:

Creates guard pages, often used to prevent reverse engineering and debugging

HIPS / PFW / Operating System Protection Evasion:

Creates a process in suspended mode (likely to inject code)

Language, Device and Operating System Detection:

Queries the cryptographic machine GUID

Malware Configuration

No configs have been found

Behavior Graph

[Behavior graph, ID: 206284. Sample: murmurhash-1.0.2-cp37-cp37m... Startdate: 06/02/2020, Architecture: WINDOWS, Score: 4. Process chain: unarchiver.exe started 7za.exe, which started conhost.exe. Files dropped by 7za.exe: C:\Users\user\...\test_against_mmh3.py (Python), C:\Users\user\...\mrmr.cp37-win_amd64.pyd (PE32+), C:\Users\user\AppData\...\test_import.py (Python), C:\Users\user\AppData\Local\...\__init__.py (Python).]

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

Source: C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.cp37-win_amd64.pyd
Detection: 0%
Scanner: Virustotal

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Startup

System is w10x64
unarchiver.exe (PID: 5416 cmdline: 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip' MD5: CC652A2104B9470999DA6603F972D7B4)
  7za.exe (PID: 3804 cmdline: 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z' 'C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip' MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
    conhost.exe (PID: 4480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
cleanup

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
Process: C:\Windows\SysWOW64\unarchiver.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 128
Entropy (8bit): 5.166201977254936
Encrypted: false
MD5: 55887639A13C458914BF5B0242958FD8
SHA1: 1B7576C23201581E49DA512B0E61743324CB8251
SHA-256: BA44A8F5211411E615ED523042D2B1870ACDBC6F6D3FE99C30429BB4CC151247
SHA-512: FC3E785FDA47A67AAD3230C138A560A07A240EAB74742CCAB68D4611D9E818B177D7B102CEA0A79F265A7751C2A8E5E138446E9BEB214A3532B566649175D313
Malicious: false
Reputation: moderate, very likely benign file
Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d72bdddce94cd6438f15999de0b0afb6\System.ni.dll",0..

C:\Users\user\AppData\Local\Temp\bugwgbyq.yez\unarchiver.log
Process: C:\Windows\SysWOW64\unarchiver.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 1468
Entropy (8bit): 5.127195438391453
Encrypted: false
MD5: FD2E9F6411E224A859649B23B304BF09
SHA1: B7AE459F81735124A470A8D01492F7CF0097FC2A
SHA-256: C1EC7D93DA5F1DDF742B2A6A308B277C4C61983E1049178DEFF62B9F441D10A8
SHA-512: A08B0A87A19B239A99FF461EF738B541F741D93751F5FF5A9320CB7DA62E8C52A419E6341A3D745A7B170CAC77E140EC0F74579F6B16C74A164473ED326EB8CA
Malicious: false
Reputation: low
Preview: 02/06/2020 8:47 AM: Unpack: C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip..02/06/2020 8:47 AM: Tmp dir: C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z..02/06/2020 8:47 AM: Received from standard out: ..02/06/2020 8:47 AM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..02/06/2020 8:47 AM: Received from standard out: ..02/06/2020 8:47 AM: Received from standard out: Scanning the drive for archives:..02/06/2020 8:47 AM: Received from standard out: 1 file, 20283 bytes (20 KiB)..02/06/2020 8:47 AM: Received from standard out: ..02/06/2020 8:47 AM: Received from standard out: Extracting archive: C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip..02/06/2020 8:47 AM: Received from standard out: --..02/06/2020 8:47 AM: Received from standard out: Path = C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip..02/06/2020 8:47 AM: Received from standard out: Type = zip..02/06/2020 8:47 AM: Received f

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\LICENSE
Process: C:\Windows\SysWOW64\7za.exe
File Type: UTF-8 Unicode text
Size (bytes): 1175
Entropy (8bit): 5.1237343943705
Encrypted: false
MD5: 6F875ACB05056004A67EE1212095D329
SHA1: ACF0F9E49F74B46786AAA2CA02B9D69C92210418
SHA-256: 14ACA0476C6CD2445E4C9DE6809FC5FEFD112FE84552AC744C86E3A85FAAFFBE
SHA-512: 04E4AEF7E02CCCB50746AAA9C125AC782DF5E49597CCA6A27FBB1DA9C4C676607463CCCACD9EDDB59C8DF0CB47C7B16C290299BD4523EB7F304073A73D805CAE
Malicious: false
Reputation: low
Preview: The MIT License (MIT)..Copyright (C) 2014, 2015 Matthew Honnibal. 2016 spaCy GmbH. 2016 ExplosionAI UG (haftungsbeschr.nkt)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\METADATA
Process: C:\Windows\SysWOW64\7za.exe
File Type: ASCII text
Size (bytes): 2049
Entropy (8bit): 4.965847498144821
Encrypted: false
MD5: 191F44D1DB73394D5BEBBF529F88A9EC
SHA1: 94182B4F9F072FD08B36F69B5EC27D5E56BBB9CC
SHA-256: 5DF41C28969A01749CEC5F5CDD2FC20DD43DF8A55A1268735BDC81ACC67CAB1C
SHA-512: 37B029B661FBC4609595FB5F29EA545C8234B204A92D0CB4E3DE6430D47D1B9E4254A86B0E9BDE520E2D93ACE088DC4B3D46A24FD9DACD09EA3C99C79DA5A10E
Malicious: false
Reputation: low
Preview: Metadata-Version: 2.1.Name: murmurhash.Version: 1.0.2.Summary: Cython bindings for MurmurHash.Home-page: https://github.com/explosion/murmurhash.Author: Matthew Honnibal.Author-email: [email protected]: MIT.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Environment :: Console.Classifier: Intended Audience :: Developers.Classifier: Intended Audience :: Science/Research.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Cython.Classifier: Programming Language :: Python :: 2.6.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Pyt

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\RECORD
Process: C:\Windows\SysWOW64\7za.exe
File Type: ASCII text
Size (bytes): 1334
Entropy (8bit): 5.812769511936267
Encrypted: false
MD5: 91B6555EC9BF441A1A4B7705898F653F
SHA1: E92027B145C833179F3B78BDF21E57F0BE441D4F
SHA-256: FE71723BFCEA3D0E6DB118C9E40CCD750649AED38855D57A24A34FD6EA75E1B4
SHA-512: 37FADBD3368D7DAA994C7B4F0AE00E154FC50763546DAEF9BB7463D7833EB9E3F517B8FC035F510EAD0684A663D98E34AB2845BC8D9A92FA267E0933D6487C54
Malicious: false
Reputation: low
Preview: murmurhash/__init__.pxd,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0.murmurhash/__init__.py,sha256=cLpuDaIgAmVoADPzEkm6b7qI-LLDr_uzCXx9tcegnEk,180.murmurhash/about.py,sha256=2jfL1BwQD1n-oHLlp0jkaMBpl-sWEI_2qY49ZyOZHAs,407.murmurhash/mrmr.cp37-win_amd64.pyd,sha256=Q3IgBCUSgLo5dH5-OzN3VIcVozmztUB2Dv2DtR9Xk5s,31232.murmurhash/mrmr.pxd,sha256=jWq8HvP2b2KMZ5v-BuDBeul740PPDq9qR_jIU8_Qfpc,415.murmurhash/mrmr.pyx,sha256=xUg1hlDNr6b8RM6rGGmF8TEcFBKxbLlwGmsiH-Fdis8,1670.murmurhash/include/murmurhash/MurmurHash2.h,sha256=em2VUiFLFBUBg4ThRkvNwl8_tyychike-LuqCixXo-M,929.murmurhash/include/murmurhash/MurmurHash3.h,sha256=k8ykQejBYQb0ofk2wuC9haBJVPg--WV4HoGQiWe-ptA,804.murmurhash/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0.murmurhash/tests/test_against_mmh3.py,sha256=SCT-1uWyGTfHW158-8YEngOCw2ezv2IB10EiZuHb190,241.murmurhash/tests/test_import.py,sha256=rWpLLJVzgZUJGs6LIqP3hPOJvVAU_COfnxMW5xpJRR0,70.murmurhash-1.0.2. ist-info/LICENSE,sha256=FKygR2xs0kReTJ3mgJ_F_v0RL-

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\WHEEL
Process: C:\Windows\SysWOW64\7za.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 106
Entropy (8bit): 5.093651120438497
Encrypted: false
MD5: 2710626342C09F5F4908F02E1AAECC44
SHA1: 5F2D6F93D0D7554477361B1882D8E71C8D4B83E1
SHA-256: AA9255273DDFFE88A1E6C6F5D0256877D8C275D1F0C629738993E7D01F2D8054
SHA-512: F8B2C39E0F60EAA1253CD1C735A818685DC76F9F0EB2659B3FB0CADE3CCD644EE314AF09417D39EEFEF21FEE4B570E0E62F28D9889D97DC8B7A9EB64609ACBA8
Malicious: false
Reputation: low
Preview: Wheel-Version: 1.0..Generator: bdist_wheel (0.32.3)..Root-Is-Purelib: false..Tag: cp37-cp37m-win_amd64....

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\top_level.txt
Process: C:\Windows\SysWOW64\7za.exe
File Type: ASCII text
Size (bytes): 11
Entropy (8bit): 2.7321588913645702
Encrypted: false
MD5: EA26C8B3147B02B8C6E504DB153C2F8F
SHA1: 3875143505B595B804698E6D8C4E88606C0EE392
SHA-256: DFB86F23B0B8676716D753F3B473D00B131FAF6E19EEA25C30F6810C38F817FB
SHA-512: 2EBF312142371BA514C9A3A00F0319716029630464EC510835783E9D779BDAE0A159461656D0F05D464975D34E24414C86E82F31A2E8241FCFA43A4A3787B71E
Malicious: false
Reputation: low
Preview: murmurhash.

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\__init__.py
Process: C:\Windows\SysWOW64\7za.exe
File Type: Python script, ASCII text executable
Size (bytes): 180
Entropy (8bit): 4.597285457305833
Encrypted: false
MD5: FAE9EAD7239E3A138C2EA8FCDA7CB67A
SHA1: 01D99ED59D847799AD8F4A36A4052D9575AB4400
SHA-256: 70BA6E0DA2200265680033F31249BA6FBA88F8B2C3AFFBB3097C7DB5C7A09C49
SHA-512: A07933D51EB42AB19C578AD0C519A86958A4266C596153CEB63702F63A09E76F2B0CBF09817E6722A8FEC0882FD104CA2B355687F750E23FEEDF991DD0A51C00
Malicious: false
Preview: import os.from .about import *.from .mrmr import hash, hash_unicode, hash_bytes...def get_include():. return os.path.join(os.path.dirname(os.path.abspath(__file__)), 'include').

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\about.py
Process: C:\Windows\SysWOW64\7za.exe
File Type: ASCII text
Size (bytes): 407
Entropy (8bit): 4.831205981332596
Encrypted: false
MD5: A4015C8022EA68D579DAFC873DA957BC
SHA1: 74C6E748DCCE050BEB21AD167F227E4424658051
SHA-256: DA37CBD41C100F59FEA072E5A748E468C06997EB16108FF6A98E3D6723991C0B
SHA-512: C7D3A2915E9EB896CE2085446D06095523F5DA01DC6B66AF0095CCC2E844800F24BEB24F4D593E8CA8CC83E97136E88FAF384F822D2368207214C4DBC0249653
Malicious: false
Preview: # inspired from:..# https://python-packaging-user-guide.readthedocs.org/en/latest/single_source_version/.# https://github.com/pypa/warehouse/blob/master/warehouse/__about__.py..__title__ = 'murmurhash'.__version__ = '1.0.2'.__summary__ = 'Cython bindings for MurmurHash'.__uri__ = 'https://github.com/explosion/murmurhash'.__author__ = 'Matthew Honnibal'.__email__ = '[email protected]'.__license__ = 'MIT'.

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash\MurmurHash2.h
Process: C:\Windows\SysWOW64\7za.exe
File Type: C source, ASCII text
Size (bytes): 929
Entropy (8bit): 4.429996825753604
Encrypted: false
MD5: 4A9297E4A54F0C7CD6B34476C385BF5C
SHA1: 815CF71593555DBEE942C37C0A90C7B8F54B25BB
SHA-256: 7A6D9552214B1415018384E1464BCDC25F3FB72C9C86291EF8BBAA0A2C57A3E3
SHA-512: BB3E15534BF142109B970FD9701496C8B03D1FBD15C495DA33085EF2CBE815443BE6362CB4C360633070117EACDF6259C5CDF91D9F4B1073D15DB47ACB9654A9
Malicious: false
Preview: //------.// MurmurHash2 was written by Austin Appleby, and is placed in the public.// domain. The author hereby disclaims copyright to this source code...#ifndef _MURMURHASH2_H_.#define _MURMURHASH2_H_..#include ..//------..uint32_t MurmurHash2 ( const void * key, int len, uint32_t seed );.uint64_t MurmurHash64A ( const void * key, int len, uint64_t seed );.uint64_t MurmurHash64B ( const void * key, int len, uint64_t seed );.uint32_t MurmurHash2A ( const void * key, int len, uint32_t seed );.uint32_t MurmurHashNeutral2 ( const void * key, int len, uint32_t seed );.uint32_t MurmurHashAligned2 ( const void * key, int len, uint32_t seed );..//------..#endif // _MURMURHASH2_H_..

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash\MurmurHash3.h
Process: C:\Windows\SysWOW64\7za.exe
File Type: C source, ASCII text
Size (bytes): 804
Entropy (8bit): 4.444020694429072
Encrypted: false
MD5: 2C9B3F977D91BE2AFDB90BB8CBFFEC0E
SHA1: DC63FFA9649F5BD06F2A6E519DBEB1995CEBBEB1
SHA-256: 93CCA441E8C16106F4A1F936C2E0BD85A04954F83EF965781E81908967BEA6D0
SHA-512: DD44C3654EA3D1D61C76834942F4DD0CF05B13C23B9FFBBDB99B3CFC93CCBB0013849F3F2003029CE2DAC7B7E07636F748212C772607370EB202240D922B69F9
Malicious: false
Preview: //------.// MurmurHash3 was written by Austin Appleby, and is placed in the public.// domain. The author hereby disclaims copyright to this source code...#ifndef _MURMURHASH3_H_.#define _MURMURHASH3_H_..#include ..//------.#ifdef __cplusplus.extern "C" {.#endif...void MurmurHash3_x86_32 ( const void * key, int len, uint32_t seed, void * out );..void MurmurHash3_x86_128 ( const void * key, int len, uint32_t seed, void * out );..void MurmurHash3_x64_128 ( const void * key, int len, uint32_t seed, void * out );..#ifdef __cplusplus.}.#endif..//------..#endif // _MURMURHASH3_H_.

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.cp37-win_amd64.pyd
Process: C:\Windows\SysWOW64\7za.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Size (bytes): 31232
Entropy (8bit): 5.656685494802186
Encrypted: false
MD5: 3844D0A5836359B2262EBE26C03EB242
SHA1: 33B44770BCDC6EDC8DC6803EC9A327CC7EA6CB2E
SHA-256: 43722004251280BA39747E7E3B3377548715A339B3B540760EFD83B51F57939B
SHA-512: AFB7F16B2876E2BB7FB4FB086A41A0EEA1FBE1C4AAD37B222480CF008D59DC2D385C8261E3A058CB72C0409C273909371BF80F4EA61CD95170DDA22E0405DC1A
Malicious: false
Antivirus: Virustotal, Detection: 0%
Preview: MZ...... @...... !..L.!This program cannot be run in DOS mode....$...... o...... @...... `...... `...... C ...... `...... Rich...... PE..d...|.j\...... " .....D...8...... `...... pt..X....t..d...... `....m...... 0m...... `...... text....C...... D...... `.rdata..J ...`..."...H...... @[email protected]...... j...... @....pdata...... n...... @[email protected]...... t...... @[email protected]...... v...... @[email protected]..`...... x...... @..B......

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.pxd
Process: C:\Windows\SysWOW64\7za.exe
File Type: ASCII text
Size (bytes): 415
Entropy (8bit): 4.61920523443339
Encrypted: false
MD5: D6B4CF863DCF9230320CBBE36782B35C
SHA1: 740BE4168EEB015822FA8EF278F0B54D1E5B24B1
SHA-256: 8D6ABC1EF3F66F628C679BFE06E0C17AE97BE343CF0EAF6A47F8C853CFD07E97
SHA-512: 022AFBA0352863470430FCECB27F0F41A2D9B18FC3A91A4657FA4E2E6D414502D14C29C8671D29DEDE46968E8EAFAE20D7E9F40D3DEE705CEF930F83299B82E3
Malicious: false
Preview: from libc.stdint cimport uint64_t, int64_t, uint32_t...cdef uint32_t hash32(void* key, int length, uint32_t seed) nogil.cdef uint64_t hash64(void* key, int length, uint64_t seed) nogil.cdef uint64_t real_hash64(void* key, int length, uint64_t seed) nogil.cdef void hash128_x86(const void* key, int len, uint32_t seed, void* out) nogil.cdef void hash128_x64(const void* key, int len, uint32_t seed, void* out) nogil.

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.pyx
Process: C:\Windows\SysWOW64\7za.exe
File Type: ASCII text
Size (bytes): 1670
Entropy (8bit): 4.825780380014339
Encrypted: false
MD5: 327652DCD4566392D8F7FCF38986149C
SHA1: CF229A863ACE1E6EFF8DC16435C8B5E955C9ECEC
SHA-256: C548358650CDAFA6FC44CEAB186985F1311C1412B16CB9701A6B221FE15D8ACF
SHA-512: 3B398CB007AF36E0CE9D34D0982B7997F8181717328A1915D9405B908D3681AC57BE2305AE003208D961A043E77626DCBD1AF69AF9E59ABBB9CE9D9B797C7125
Malicious: false
Preview: from libc.stdint cimport uint64_t, int64_t, int32_t...cdef extern from "murmurhash/MurmurHash3.h":. void MurmurHash3_x86_32(void * key, uint64_t len, uint64_t seed, void* out) nogil. void MurmurHash3_x86_128(void * key, int len, uint32_t seed, void* out) nogil. void MurmurHash3_x64_128(void * key, int len, uint32_t seed, void* out) nogil..cdef extern from "murmurhash/MurmurHash2.h":. uint64_t MurmurHash64A(void * key, int length, uint32_t seed) nogil. uint64_t MurmurHash64B(void * key, int length, uint32_t seed) nogil...cdef uint32_t hash32(void* key, int length, uint32_t seed) nogil:. cdef int32_t out. MurmurHash3_x86_32(key, length, seed, &out). return out...cdef uint64_t hash64(void* key, int length, uint64_t seed) nogil:. return MurmurHash64A(key, length, seed)..cdef uint64_t real_hash64(void* key, int length, uint64_t seed) nogil:. cdef uint64_t[2] out. MurmurHash3_x86_128(key, length, seed, &out). return out[1]...cdef void hash128_x86(const voi

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests\test_against_mmh3.py
Process: C:\Windows\SysWOW64\7za.exe
File Type: Python script, ASCII text executable
Size (bytes): 241
Entropy (8bit): 4.331809381450311
Encrypted: false
MD5: DEDC103904B3D3E58567012077023D57
SHA1: EF57DD164E061764246169D176EB1441EC0AE314
SHA-256: 4824FED6E5B21937C75B5E7CFBC6049E0382C367B3BF6201D7412266E1DBD7DD
SHA-512: 593B4F92620767E010D03A1379FCE4FDAE0AD917A934C8B21A9C41971D6FC740A07E1D9676456C451CCA6F7A6112A0B69421358A5DD2BCC24B73E2C7A5BF0F31
Malicious: false
Preview: import mmh3.import murmurhash.mrmr...def test_hash32_matches_mmh3():. string = "hello world". assert mmh3.hash(string) == murmurhash.mrmr.hash(string). string = "anxiety". assert mmh3.hash(string) == murmurhash.mrmr.hash(string).

C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests\test_import.py
Process: C:\Windows\SysWOW64\7za.exe
File Type: Python script, ASCII text executable
Size (bytes): 70
Entropy (8bit): 3.9056606003522853
Encrypted: false
MD5: 3FAD476C7190F4EAEDDDD08A6D49CF75
SHA1: D2E4908209719019A016C18B83B87FF52D77F843
SHA-256: AD6A4B2C95738195091ACE8B22A3F784F389BD5014FC239F9F1316E71A49451D
SHA-512: 96C46340525942366CB883C16FD9EC0D17BA7B9D0FEC2B858D1252B3CF7815EAE3F6E579F085CA08E14EF2179DAA9D4B6EA45F9559E4B84B0BD8EE0D64749F1D
Malicious: false
Preview: import murmurhash.mrmr..def test_import():. assert murmurhash.mrmr.

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name: https://python-packaging-user-guide.readthedocs.org/en/latest/single_source_version/
Source: about.py.1.dr
Malicious: false
Reputation: high

Name: https://img.shields.io/pypi/v/murmurhash.svg?style=flat-square
Source: 7za.exe, 00000001.00000003.1106586649.0000000000440000.00000004.00000001.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: https://github.com/pypa/warehouse/blob/master/warehouse/__about__.py
Source: about.py.1.dr
Malicious: false
Reputation: high

Name: https://img.shields.io/badge/wheels-%E2%9C%93-4c1.svg?longCache=true&style=flat-square&logo=python&l
Source: 7za.exe, 00000001.00000003.1106586649.0000000000440000.00000004.00000001.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: https://pypi.python.org/pypi/murmurhash
Source: 7za.exe, 00000001.00000003.1106586649.0000000000440000.00000004.00000001.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: https://img.shields.io/conda/vn/conda-forge/murmurhash.svg?style=flat-square
Source: 7za.exe, 00000001.00000003.1106586649.0000000000440000.00000004.00000001.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Name: https://anaconda.org/conda-forge/murmurhash
Source: 7za.exe, 00000001.00000003.1106586649.0000000000440000.00000004.00000001.sdmp, METADATA.1.dr
Malicious: false
Reputation: high

Contacted IPs

No contacted IP infos

Static File Info

General
File type: Zip archive data, at least v2.0 to extract
Entropy (8bit): 7.907662688448072
TrID: ZIP compressed archive (8000/1) 100.00%
File name: murmurhash-1.0.2-cp37-cp37m-win_amd64.zip
File size: 20283
MD5: ab19168c1c62330659f36927f1ce59b9
SHA1: 6017d3a5a694c561063dfd773a10b18179744d92
SHA256: ba766343bdbcb928039b8fff609e80ae7a5fd5ed7a4fc5af822224b63e0cbaff
SHA512: 89b0bc88fd69d4ae968fb3c11d1abca7f91fde28bec6f1c43582ec22c697c18df610c6e1d37fde82c0d0ec37d444c837a1bfd73872d08f603672a001636d4c03
SSDEEP: 384:h0PGpTDyi7imGa1CrlwOyI9wn0VJ7kbuFLHCb1VPC1SX2lHs:yPG6i7XCOOyI9e0niurSX2lM
File Content Preview: PK...... 3{RN...... murmurhash/__init__.pxd..PK...... 3{RN....y...... murmurhash/__init__.py=.A...... [..x@ ?cA0.U...C...%.aW3.5...kn*...|..5..m."E..}..7aT.8...... R..~` ...>".{W.<.>.....{vO.j..$...... z.{.UoPK...... 3{RN..uX......

File Icon

Icon Hash: 00828e8e8686b000

Network Behavior

No network behavior found

Code Manipulations

Statistics

Behavior

• unarchiver.exe
• 7za.exe
• conhost.exe


System Behavior

Analysis Process: unarchiver.exe PID: 5416 Parent PID: 5336

General

Start time: 08:47:04
Start date: 06/02/2020
Path: C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit): true
Commandline: 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip'
Imagebase: 0x10000
File size: 9216 bytes
MD5 hash: CC652A2104B9470999DA6603F972D7B4
Has administrator privileges: false
Programmed in: .Net C# or VB.NET
Reputation: moderate

File Activities

File Created

File Path: C:\Users\user
Access: read data or list directory | synchronize
Attributes: device
Options: directory file | synchronous io non alert | open for backup ident | open reparse point
Completion: object name collision
Count: 1
Source Address: 71C7608C
Symbol: unknown

File Path: C:\Users\user\AppData\Roaming
Access: read data or list directory | synchronize
Attributes: device
Options: directory file | synchronous io non alert | open for backup ident | open reparse point
Completion: object name collision
Count: 1
Source Address: 71C7608C
Symbol: unknown

File Path: C:\Users\user\AppData\Local\Temp\bugwgbyq.yez
Access: read data or list directory | synchronize
Attributes: device
Options: directory file | synchronous io non alert | open for backup ident | open reparse point
Completion: success or wait
Count: 1
Source Address: 5BA4B1
Symbol: CreateDirectoryW

File Path: C:\Users\user\AppData\Local\Temp\bugwgbyq.yez\unarchiver.log
Access: read attributes | synchronize | generic write
Attributes: device
Options: sequential only | synchronous io non alert | non directory file | open no recall
Completion: success or wait
Count: 1
Source Address: 5BA5AB
Symbol: CreateFileW

File Path: C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z
Access: read data or list directory | synchronize
Attributes: device
Options: directory file | synchronous io non alert | open for backup ident | open reparse point
Completion: success or wait
Count: 1
Source Address: 5BA4B1
Symbol: CreateDirectoryW

File Written

File Path: C:\Users\user\AppData\Local\Temp\bugwgbyq.yez\unarchiver.log
Offset: unknown
Length: 95
Ascii: 02/06/2020 8:47 AM: Unpack: C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip..
Completion: success or wait
Count: 1
Source Address: 5BA8EF
Symbol: WriteFile

File Path: C:\Users\user\AppData\Local\Temp\bugwgbyq.yez\unarchiver.log
Offset: unknown
Length: 78
Ascii: 02/06/2020 8:47 AM: Tmp dir: C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z..
Completion: success or wait
Count: 1
Source Address: 5BA8EF
Symbol: WriteFile

File Path: C:\Users\user\AppData\Local\Temp\bugwgbyq.yez\unarchiver.log
Offset: unknown
Length: 50
Ascii: 02/06/2020 8:47 AM: Received from standard out: ..
Completion: success or wait
Count: 17
Source Address: 5BA8EF
Symbol: WriteFile

File Path: C:\Users\user\AppData\Local\Temp\bugwgbyq.yez\unarchiver.log
Offset: unknown
Length: 31
Ascii: 02/06/2020 8:47 AM: Get files..
Completion: success or wait
Count: 1
Source Address: 5BA8EF
Symbol: WriteFile

File Path: C:\Users\user\AppData\Local\Temp\bugwgbyq.yez\unarchiver.log
Offset: unknown
Length: 37
Ascii: 02/06/2020 8:47 AM: Nbr of files: 0..
Completion: success or wait
Count: 1
Source Address: 5BA8EF
Symbol: WriteFile

File Path: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log
Offset: unknown
Length: 128
Ascii: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d72bdddce94cd6438f15999de0b0afb6\System.ni.dll",0..
Completion: success or wait
Count: 1
Source Address: 71F4A806
Symbol: WriteFile

File Read

| File Path | Offset | Length | Completion | Count | Source Address | Symbol |
|---|---|---|---|---|---|---|
| `C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config` | unknown | 4095 | success or wait | 1 | 71CA54EC | unknown |
| `C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config` | unknown | 6304 | success or wait | 3 | 71CA54EC | unknown |
| `C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config` | unknown | 4106 | success or wait | 1 | 71CA54EC | unknown |
| `C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config` | unknown | 4095 | success or wait | 1 | 71CA86E0 | ReadFile |
| `C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config` | unknown | 6304 | success or wait | 3 | 71CA86E0 | ReadFile |
| `C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config` | unknown | 4106 | success or wait | 1 | 71CA86E0 | ReadFile |
| unknown | unknown | 1024 | success or wait | 1 | 5BA8EF | ReadFile |
| unknown | unknown | 1024 | pipe broken | 1 | 5BA8EF | ReadFile |

Analysis Process: 7za.exe PID: 3804 Parent PID: 5416

General

- Start time: 08:47:04
- Start date: 06/02/2020
- Path: C:\Windows\SysWOW64\7za.exe
- Wow64 process (32bit): true
- Commandline: 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z' 'C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip'
- Imagebase: 0x1060000
- File size: 289792 bytes
- MD5 hash: 77E556CDFDC5C592F5C46DB4127C6F4C
- Has administrator privileges: false
- Programmed in: C, C++ or other language
- Reputation: high

File Activities

File Created

| File Path | Access | Attributes | Options | Completion | Count | Source Address | Symbol |
|---|---|---|---|---|---|---|---|
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | success or wait | 1 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\__init__.pxd` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | object name collision | 10 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\__init__.py` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\about.py` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.cp37-win_amd64.pyd` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.pxd` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.pyx` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | success or wait | 1 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | success or wait | 1 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash\MurmurHash2.h` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | object name collision | 1 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | object name collision | 1 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash\MurmurHash3.h` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | success or wait | 1 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests\__init__.py` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | object name collision | 2 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests\test_against_mmh3.py` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests\test_import.py` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | success or wait | 1 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\LICENSE` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info` | read data or list directory \| synchronize | device | directory file \| synchronous io non alert \| open for backup ident \| open reparse point | object name collision | 4 | 1064FB8 | CreateDirectoryW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\METADATA` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\WHEEL` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\top_level.txt` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\RECORD` | read attributes \| synchronize \| generic write | device | synchronous io non alert \| non directory file | success or wait | 1 | 10663B0 | CreateFileW |

File Written

| File Path | Offset | Length | Ascii | Completion | Count | Source Address | Symbol |
|---|---|---|---|---|---|---|---|
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\__init__.py` | unknown | 180 | `import os.from .about import *.from .mrmr import hash, hash_unicode, hash_bytes...def get_include():. return os.path.join(os.path.dirname(os.path.abspath(__file__)), 'include').` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\about.py` | unknown | 407 | `# inspired from:..# https://python-packaging-user-guide.readthedocs.org/en/latest/single_source_version/.# https://github.com/pypa/warehouse/blob/master/warehouse/__about__.py..__title__ = 'murmurhash'.__version__ = '1.0.2'.__summary__ = 'Cython bindings` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.cp37-win_amd64.pyd` | unknown | 31232 | `MZ...... @..... ...... !..L.!This program cannot be run in DOS mode.... $......` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.pxd` | unknown | 415 | `from libc.stdint cimport uint64_t, int64_t, uint32_t...cdef uint32_t hash32(void* key, int length, uint32_t seed) nogil.cdef uint64_t hash64(void* key, int length, uint64_t seed) nogil.cdef uint64_t real_hash64(void* key, int length, uint64_t seed) nogil.` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\mrmr.pyx` | unknown | 1670 | `from libc.stdint cimport uint64_t, int64_t, int32_t...cdef extern from "murmurhash/MurmurHash3.h":. void MurmurHash3_x86_32(void * key, uint64_t len, uint64_t seed, void* out) nogil. void MurmurHash3_x86_128(void * key, int len, uint32_t seed, void*` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash\MurmurHash2.h` | unknown | 929 | `//-----------------------------------------------------------------------------.// MurmurHash2 was written by Austin Appleby, and is placed in the public.// domain. The author hereby disclaims copyright to this source code...#ifndef _MURMURHASH2_H_.#defin` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\include\murmurhash\MurmurHash3.h` | unknown | 804 | `//-----------------------------------------------------------------------------.// MurmurHash3 was written by Austin Appleby, and is placed in the public.// domain. The author hereby disclaims copyright to this source code...#ifndef _MURMURHASH3_H_.#defin` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests\test_against_mmh3.py` | unknown | 241 | `import mmh3.import murmurhash.mrmr...def test_hash32_matches_mmh3():. string = "hello world". assert mmh3.hash(string) == murmurhash.mrmr.hash(string). string = "anxiety". assert mmh3.hash(string) == murmurhash.mrmr.hash(string).` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash\tests\test_import.py` | unknown | 70 | `import murmurhash.mrmr..def test_import():. assert murmurhash.mrmr.` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\LICENSE` | unknown | 1175 | `The MIT License (MIT)..Copyright (C) 2014, 2015 Matthew Honnibal. 2016 spaCy GmbH. 2016 ExplosionAI UG (haftungsbeschr..nkt)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and assoc` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\METADATA` | unknown | 2049 | `Metadata-Version: 2.1.Name: murmurhash.Version: 1.0.2.Summary: Cython bindings for MurmurHash.Home-page: https://github.com/explosion/murmurhash.Author: Matthew Honnibal.Author-email: [email protected].License: MIT.Platform: UNKNOWN.Classifier: Developmen` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\WHEEL` | unknown | 106 | `Wheel-Version: 1.0..Generator: bdist_wheel (0.32.3)..Root-Is-Purelib: false..Tag: cp37-cp37m-win_amd64....` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\top_level.txt` | unknown | 11 | `murmurhash.` | success or wait | 1 | 1066987 | WriteFile |
| `C:\Users\user\AppData\Local\Temp\ctgwmwdg.l2z\murmurhash-1.0.2.dist-info\RECORD` | unknown | 1334 | `murmurhash/__init__.pxd,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0.murmurhash/__init__.py,sha256=cLpuDaIgAmVoADPzEkm6b7qI-LLDr_uzCXx9tcegnEk,180.murmurhash/about.py,sha256=2jfL1BwQD1n-oHLlp0jkaMBpl-sWEI_2qY49ZyOZHAs,407.murmurhash/mrmr.cp37-win_` | success or wait | 1 | 1066987 | WriteFile |

File Read

| File Path | Offset | Length | Completion | Count | Source Address | Symbol |
|---|---|---|---|---|---|---|
| `C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip` | unknown | 1024 | success or wait | 1 | 106686E | ReadFile |
| `C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip` | unknown | 20283 | success or wait | 1 | 106686E | ReadFile |
| `C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip` | unknown | 4 | success or wait | 16 | 106686E | ReadFile |
| `C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip` | unknown | 26 | success or wait | 16 | 106686E | ReadFile |
| `C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip` | unknown | 23 | success or wait | 16 | 106686E | ReadFile |
| `C:\Users\user\Desktop\murmurhash-1.0.2-cp37-cp37m-win_amd64.zip` | unknown | 2 | success or wait | 16 | 106686E | ReadFile |

Analysis Process: conhost.exe PID: 4480 Parent PID: 3804

General

- Start time: 08:47:04
- Start date: 06/02/2020
- Path: C:\Windows\System32\conhost.exe
- Wow64 process (32bit): false
- Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
- Imagebase: 0x7ff604130000
- File size: 625664 bytes
- MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
- Has administrator privileges: false
- Programmed in: C, C++ or other language
- Reputation: high

Disassembly

Code Analysis
