27441ba3afdfa5c03c1c289f0bea619e7a542a67a0562a284b8f4b3de17bc1a7

Analysis

max time kernel
8s
max time network
11s
platform
windows10_x64
resource
win10-en-20210920
submitted
29-09-2021 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ng.exe
Size

12.7MB
MD5

eda4c21601bf5c4d0579754751f9074f
SHA1

bb4a49af4c6db9c05f4a0669990ec0a2228ba4dd
SHA256

27441ba3afdfa5c03c1c289f0bea619e7a542a67a0562a284b8f4b3de17bc1a7
SHA512

e29a98365f7af43416040a359054864b7bc4e7cca885f9d8525ff33bb3b2698c0bf89627426a2591c9f4737e50bfc45db6ea9944d8c1eb93e944a8431e09b2ed

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ng.exeng.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ng.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ng.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ng.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ng.exe

Loads dropped DLL 37 IoCs

Processes:

ng.exe

pid	process
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe
2716	ng.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/2524-115-0x00007FF7325A0000-0x00007FF732EB1000-memory.dmp	themida
behavioral1/memory/2716-117-0x00007FF7325A0000-0x00007FF732EB1000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

ng.exeng.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ng.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ng.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

1 ip-api.com
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

ng.exeng.exe

pid process

2524 ng.exe
2716 ng.exe
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

3840 schtasks.exe
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command-Line Interface
T1059

Processes:

ipconfig.exe

pid process

660 ipconfig.exe

flow	ioc
1	ip-api.com

pid	process
2524	ng.exe
2716	ng.exe

pid	process
3840	schtasks.exe

pid	process
660	ipconfig.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

ng.exeng.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 2524 wrote to memory of 2716	2524	ng.exe	ng.exe
PID 2524 wrote to memory of 2716	2524	ng.exe	ng.exe
PID 2716 wrote to memory of 3584	2716	ng.exe	cmd.exe
PID 2716 wrote to memory of 3584	2716	ng.exe	cmd.exe
PID 3584 wrote to memory of 2568	3584	cmd.exe	chcp.com
PID 3584 wrote to memory of 2568	3584	cmd.exe	chcp.com
PID 3584 wrote to memory of 660	3584	cmd.exe	ipconfig.exe
PID 3584 wrote to memory of 660	3584	cmd.exe	ipconfig.exe
PID 3584 wrote to memory of 1296	3584	cmd.exe	findstr.exe
PID 3584 wrote to memory of 1296	3584	cmd.exe	findstr.exe
PID 2716 wrote to memory of 828	2716	ng.exe	cmd.exe
PID 2716 wrote to memory of 828	2716	ng.exe	cmd.exe
PID 828 wrote to memory of 1584	828	cmd.exe	chcp.com
PID 828 wrote to memory of 1584	828	cmd.exe	chcp.com
PID 2716 wrote to memory of 3860	2716	ng.exe	cmd.exe
PID 2716 wrote to memory of 3860	2716	ng.exe	cmd.exe
PID 3860 wrote to memory of 3768	3860	cmd.exe	chcp.com
PID 3860 wrote to memory of 3768	3860	cmd.exe	chcp.com
PID 3860 wrote to memory of 2628	3860	cmd.exe	schtasks.exe
PID 3860 wrote to memory of 2628	3860	cmd.exe	schtasks.exe
PID 2716 wrote to memory of 1648	2716	ng.exe	cmd.exe
PID 2716 wrote to memory of 1648	2716	ng.exe	cmd.exe
PID 1648 wrote to memory of 3840	1648	cmd.exe	schtasks.exe
PID 1648 wrote to memory of 3840	1648	cmd.exe	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\ng.exe
"C:\Users\Admin\AppData\Local\Temp\ng.exe"
1⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\ng.exe
"C:\Users\Admin\AppData\Local\Temp\ng.exe"
2⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "chcp 65001 && ipconfig | findstr /i "Default Gateway""
3⤵
- Suspicious use of WriteProcessMemory
PID:3584

C:\Windows\system32\chcp.com
chcp 65001
4⤵
PID:2568

C:\Windows\system32\ipconfig.exe
ipconfig
4⤵
- Gathers network information
PID:660

C:\Windows\system32\findstr.exe
findstr /i "Default Gateway"
4⤵
PID:1296

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "@chcp 65001 1>nul"
3⤵
- Suspicious use of WriteProcessMemory
PID:828

C:\Windows\system32\chcp.com
chcp 65001
4⤵
PID:1584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "@chcp 65001 && @schtasks.exe /query /tn "OneDrive Update""
3⤵
- Suspicious use of WriteProcessMemory
PID:3860

C:\Windows\system32\chcp.com
chcp 65001
4⤵
PID:3768

C:\Windows\system32\schtasks.exe
schtasks.exe /query /tn "OneDrive Update"
4⤵
PID:2628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "schtasks /create /f /sc onlogon /rl highest /tn "OneDrive Update" /tr "C:\ProgramData\svpost.exe""
3⤵
- Suspicious use of WriteProcessMemory
PID:1648

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "OneDrive Update" /tr "C:\ProgramData\svpost.exe"
4⤵
- Creates scheduled task(s)
PID:3840

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Command-Line Interface

T1059

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_Salsa20.cp38-win_amd64.pyd
MD5
e2a62a5ebad0458134f8deee7a2106ff

SHA1
83cb3ee1e85bcd68c9ffa8678d13e6a4983afec1

SHA256
ae06473c3bae466d962d2c017da97fe5dbb9788469664c5b7c016804dabf4379

SHA512
57eae7bd8499bfd5fe76d8215ddd9c4d52e2057a4f78592072110fab298a4c99cea6cc725c82756c108a69674ce6ea33d86b969d1e2c5f14482f7584cdb74cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_cbc.cp38-win_amd64.pyd
MD5
21e62ed2a7fa0504b7dcc3ff1a3e82ed

SHA1
5ab40f09f8d8a035fb25ade3c1ef5ddd1747d11b

SHA256
259fd983c5316eae28a8675a13c7e872d13a6f9ce944af06c9142ca21880fd6a

SHA512
4c62393e438b3a33addb1dea0ad049df123ab791c7c37f1bca26be794989ba29d97158925ee4aaf5cf53583c3665152e8ecfd8159c161613b693faf81116bbd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_cfb.cp38-win_amd64.pyd
MD5
1701c1d9a9bdc4ed69de2fc17127fdcc

SHA1
c85f48dbbe2dae5165ebdd43ce4c66bc62c9d195

SHA256
cdd52145642342a60bc7d21a8e13e290350a44bcc04b42abd547bee251b2c4e4

SHA512
e2c36db36747ae82718b5b7a7f29a681080c249502adc7cf82c2932287430d7fd325b5a1571a81e64b3e877026536fd2142be9ba00c12e054769b6249db23788

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_ctr.cp38-win_amd64.pyd
MD5
d5bca9d892b5ac0d04f8ddb49e8c70a4

SHA1
2bac10eaa90bc738e2ff08b853a6eb643fde4e83

SHA256
17e862ef6c23394fd8b4d9193db15ba82adeb9e0c04fc23b571592db91900b62

SHA512
4cab0daec5ea4cb1adc330b3a98da2b65c995c7135966db809ca3f58ac81b3fc69a250eef8642f9bb7c4d5021829fb649cc04542771699241dc3c36af8f9315f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_ecb.cp38-win_amd64.pyd
MD5
240f306050085e6b05177b143701a285

SHA1
cfe1983e929645d8bcf7dc41cd2d0a59672f9992

SHA256
368983efc03e6db0d7d85dd7f5c78083a809104b63e052f4f7125f8e386d241a

SHA512
68e0681618f3c65772ac7149a8ee0975b635db60cabc10af178a932334a6aeae6fcb522400b1e6d26aa00f40d9888994d30888f7fa6ef236e18398ac8385fff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_ofb.cp38-win_amd64.pyd
MD5
ad13e54d5ad6e3e221dcbaef37480f59

SHA1
5b00803ef8b262e2269023fdf3ecb63a0c5e7f33

SHA256
47814833d84f993cbabb6cfdf45c2fc4458f14822b408aa0a110a39ee2752dd5

SHA512
9392936404ab5d21835c4c736ed2eef49c2fd4cea190e0bfa1d2e0842355ee31860904cafd58281f394abd4dd3f3e62712edc953988feeb4383c81fa892a8066

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_BLAKE2s.cp38-win_amd64.pyd
MD5
76b6919e085ba66d5f3a6235ea93d7d5

SHA1
cb2f36d2eabb7c142afc78ad0c87b00f81831739

SHA256
072c47ee36c8e7df7bf8fa383525b0d64d1e5466ee400f25965e6d808e07b1f2

SHA512
557a63d0647f1df9906c14afe727b6f4917f49bb0c86ee127ea7b64709e3c44bbdce58735545650a9c64860e73e6c867e9fcdd2722401ac6bbf2e15265fee167

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_MD5.cp38-win_amd64.pyd
MD5
bb787fe48b39bdf9131ea2e35d826901

SHA1
b2a525aa21ccd5219d7309ebd82152e391e8492b

SHA256
79d82d1eae2b0276def914be88134df45d2d2442d1743fa3626d4072c143ddfc

SHA512
7b7edc3d5e4af264ac149778d71e1518f63e6a392e2c41667b74e5e4b20b7825fb8d98cadfe7f4a08a69ddef422475121114010f5894f28ba9a3ef8316845714

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_SHA1.cp38-win_amd64.pyd
MD5
ad6a3b5a7fbc67779d3a87549b00c2c6

SHA1
179bcce8ca2962e901493e39ea7a1cfe3ac36d2f

SHA256
25bc689ebfbe6a76b7d93b48538afa3979b032eeeeacb74685c72e9c0d837cbf

SHA512
6be5c76971d64fc6b3e102faaf536efc240c7607da34df2ecb40cd52cfa6aa51667c0c4c840dea2f6592e381472cac2ddf521fe3142875999342bf44675675af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_SHA256.cp38-win_amd64.pyd
MD5
5946f34315f66764ca3b32d84ad79e41

SHA1
414a7cc57f0c79e2668357732a3fb671884cf0cb

SHA256
78d9bf2b2e4740479568e740ae66113af6786f2ab53eea24287b21a648754ebc

SHA512
8f913cb16e8f5eb9ed5500182874fd814604496a76f184c07874582e65ecc6e1e1bbac7b6726f13f32cc2b412398ff0e5b26c074b83e4dee47092d7d0eba06ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_ghash_portable.cp38-win_amd64.pyd
MD5
9c58e7b41c19b66d6dd4325730fc8f73

SHA1
088b6c4a033f9ca64c077a74e0ad1c3efdf73032

SHA256
56c7433de77a8b24cbe9534dd56bf882f5969cfa692f0e100b8e0466c78a55d4

SHA512
745dc869d62d914ab4f82ddb47e2606a187ff4ca66fc4af3588215fcd8e5dd450de734498d995bfea589ec08c917afdc97e19d042466e53f1d199ebdf296e918

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Protocol\_scrypt.cp38-win_amd64.pyd
MD5
8947c62abae40a32e2f00fa5ce1cb234

SHA1
02c30e2313da52fe6ed2bddf01ab18e1374d36ed

SHA256
88e497ec9fe5763413bbbe9cc00834bd34e783d2870a5099eca1f96b2fee5c05

SHA512
40336557db9dcce9a143f7f42933392e2d2ad319f102f73c19a6077cc0a0eeeab5659be439c1d62a1aed9c81a1c963090e5028ceda8a4e8f42f86a2157122198

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Util\_cpuid_c.cp38-win_amd64.pyd
MD5
0c839f3c79bdb82c5ffece25e56bc4e6

SHA1
60e84a9c0522150cd03874e5888b39056c376827

SHA256
ee3f0342547dabff1d26c517b76cdfd9c01d5bdda88781d25edc5ca9af76d38c

SHA512
d86152b9bb6833fd24eb0566649d6c09fd25f2303f72ce8df1c6874928cc238f44c6933774d4b8a89ca5ec10d596f8607cdad4f723450f8b58d289dc3a5cc505

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Util\_strxor.cp38-win_amd64.pyd
MD5
b473278b8b9e1a964ad7e614bad89f89

SHA1
ded6f1dc5570e9733c5c156f663f2aa367374001

SHA256
74f72638b25b61b0d76d41c0f286fce7b2926843b26875c803cfaa3f195e25a3

SHA512
75d6afa8f6647684a237eba364fd7be90a1974eedb037d261bed1c8ca5dc329fa81eeef54ef5f037f8876485ed3f994ae5a33d4bafcd11aee4d42727b42d9967

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\RAT.exe.manifest
MD5
cc8814ca5c88a7cf8c318914d841544d

SHA1
c792fffaec04c62debba36d81ac613ac66ac4d99

SHA256
16eb5be26d647cc8c248ad035d137c7d21e326d1735e8bb9f76d70e0bb0fb7e8

SHA512
d23eefaa4d16aa1768a4d90247213ea2cdc8d3ae91f3adbe555fe5dedefefd9ee83aa6981f9aadf1a017482a5bd0dcc801e8eafb03602ea257a2fa9a46babb53

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\VCRUNTIME140.dll
MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_bz2.pyd
MD5
712a8dba2916f0261a1290a8e3d85ebf

SHA1
27dbfa5de547c30c457855594272545dafaeb39d

SHA256
d6e5763cecd267be0ff5355ff53e93428f3dd7ab20458fb1e7432dffa060cf82

SHA512
662664189f3a426a2042c998a5396fcb660f1ec123fe8089ec740ae414e0da9173d2e1abb6a231b3271bba9c4cb2a3a0a6ea45c475531bb986a4d085e74de1d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_ctypes.pyd
MD5
4786508ffadc542bd677f45af820fdb9

SHA1
fc0f7dae6e0d093594e4ff1c293ce004dbd16fd7

SHA256
64f5072cd9536418ec0fd4b5c30c13b03cdddced1f9332d4d721c4b37ae3883e

SHA512
ad4b0e6883c2f0c003c46b1b85f5fbc2c1f8366a212695b9e47664c8735a30d4c8a3c645b324d3d059582096a1fe78ac1043ba8a639ced0665ef8c5cc33d0b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_hashlib.pyd
MD5
ef3b935e7d9e1685b84636f908732b06

SHA1
968bca85a6f61fa24d53fc6aa77a3f48d2b08dd6

SHA256
46d3016b73ecf3713228df563971feefcbebcea9925349a0807b48f0e09877ce

SHA512
34c1779b8b7cd8449afaaeabb37a9bbb895c199d06557ea301361972ce4722f3db98e2e099eb2ce52486ab60567ac8041a4b3b3e8e917256bdd9954cbb9b05b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_lzma.pyd
MD5
fea0e77f594207b8af1d240a16c6650e

SHA1
dd48f108074eade8c0f84916d619bce4a97c07bb

SHA256
d7acc95049c07298af56a316419e6548f3e6b56fb22dfb3382607a803dddb5e0

SHA512
3b06abcf29bd93232afd6ae0b8fbded6cc75c5a5cdbd5b410d16e6f19e034d4f903252eda243f670173cc05e78e36e767553e065648ce7c3af330d10922d51ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_portaudio.cp38-win_amd64.pyd
MD5
f7b8055f8d54b1ff8fe16bf86eee9d22

SHA1
8da2387d8e840d6eb34978a8343fee27d86ae100

SHA256
a35531c046271b4e0355e0d6d2844d886480b01220b71e4795263312f50beea6

SHA512
82cd75009b17719e477785040b6fa3372affdcea4b16ffb579a869f5353cb914b88ade612624f7c0d0d7e2b64edb3c92cc34c6a0306a5c2fd2829c67b3e2de0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_socket.pyd
MD5
bc7b1b0112427976b83911e607213c37

SHA1
f4c7eb5b46ebe015a13de59f17ca158c01a377f4

SHA256
85f200cb9adf0ef97d40b897868f6ad564211d3529f0b6dfe8e04c56a7b832bc

SHA512
18bc94c917ee894121241dcf65fab370a344caaf1120162fcb0966503c502b3e990a79553d2e4e1e3403e35d2b5e00cb365254c08f99c93c178e2e1fd7b2a040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_sqlite3.pyd
MD5
8be539527a8e1f5c17f33f645b5b409d

SHA1
997817ad614e49833e371c6f5fc53ad01924e48b

SHA256
c9253f9c5409fca37b5ce0276d2fde0f64f76271473538d3fa08293b7d98befc

SHA512
ffd1a240b6fe33c9b1a0990251db8fad16ef69c47a5e39ebb69f4f046378ff218268f9e77ea11ee39977eb7a97dd233bc0d5bfe01ca3fdb78edb4ac6b1afc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\_ssl.pyd
MD5
d1430e77cec5e84073700c3a65e3b8eb

SHA1
32009a7ea5e3097f38a33e3c5d73a9588f78e4a9

SHA256
174ec95c793fc33a97c57709b5117ca17700b90e7c71d72c9ec4bc7757b747a9

SHA512
1b49ce51e17b28eacc22e060b028697c93ee52a0a671ef615c6386c19e78a9ff67b84920fa5d8443970b53858a29c99dfcc395c0d6bc110ef125ec1c9da648f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\base_library.zip
MD5
2bd960606898fddcbb942140b2986b12

SHA1
f258d06973d1e4893081c6041127296bca5ddf96

SHA256
f3e58ff7934121e40cbc45d80c9db4d65a826349805c3194e8b8f28aa74e94cb

SHA512
0de5840ba56d85036e068a593369040021e31d1b9c185da74320f2e928a7ea19d85f148db30eabcddb75633208b98516a405428efc92f9c7d295fa2f0d1d4074

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\libcrypto-1_1.dll
MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\libssl-1_1.dll
MD5
2335285f5ac87173bd304efeddfa1d85

SHA1
64558d2150120abed3514db56299721c42c6fe58

SHA256
1b57a201184559164dedbddcb43bb110a18cafa19ea3d00fc23274ccfc420e94

SHA512
82737590d5ec7315ce8485c4794c01bfcce176ce443740a9f0cf5adfc3c3ed31a714556d33c1ca56db486636111d1ad855f606c87e5f322a505c535187ce2bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\python38.dll
MD5
eec355a6e9586f823a4f12bed11e6c80

SHA1
33627398cb32f4fbb162f38f7c277ad5b13a99ba

SHA256
560a6a5f8b7afa99600cc47da26a802c342d7f50ffe23850372f2fcf536cd26f

SHA512
7b4b3c13383de62a17aa1aafabce657ea5f4aadd716430fcd6e0f3125b773ae1589b3eaa050ccd87b37f6fae2391c5e7a8a229c0b0fa135de8d0269e9752bea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\pywintypes38.dll
MD5
4e2d48b0e2bc0d1b0a61be486b865fdd

SHA1
95fb013f66c28578dbe9db06e93e6085828a7324

SHA256
bff7b09303260eaf01ba73687d979ce6d1d50458426686bea7b01dea5db446d4

SHA512
d5aa94805bf97b51ba986c60e1401608bc547f1fed0e07f25f6b3ca2bf86167002830aa18c74cb68cf6f51aa60912036678a276971af56754753a1f01ac8d13f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\select.pyd
MD5
bb6e9825bd4a98e0700d96b59ec64f68

SHA1
afd51547dad9cd7fac0efbda76b5e2388a027681

SHA256
bb81d220db83d5276fccda137d430160b8eafd40f4d92d86ebc718b4dfd555ac

SHA512
2380a0a2bd625ff79b04bb9d4f6611150512d72f719a3cc73806ea979c29b01fc3d947fb2998e308796a32061e0f2d34d158876924c71350c759e2a841abf964

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\sqlite3.dll
MD5
fef1057e9968489fd5597509105d7b39

SHA1
3a4d3075306308f1040ee76dae5f41b57e140a3f

SHA256
31763682584428a1a3fffd1fa8318eeb011992c9902b85a173005c79d2d6322c

SHA512
f7889960ddeb6e9c1dc58d98e0ef5bc2b167d6e515e7b400a3d896de03fc066e7b1e5770ac0198bc47ff1cd38b35da7ac2d9b52a53671f036d7f77981bb4ede9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\win32gui.pyd
MD5
59751e564fb79b6fde2eaa6330a03e34

SHA1
d4c9e16f2dc3396ef496d0e2c73500a539dd48ba

SHA256
7be1d0d32c4635c655561904c2110dfc0e8420c583d5fc7a16fbc3f68f8b6753

SHA512
ac4722d0fbedf261ed127d35bdcdbe1de7e85c9f2ffba3238d6c06457ef85aa8a6ed958a17ec7fabacb4c0ee1cd38740b48f7ca2144a662feba47c92554702ed

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_Salsa20.cp38-win_amd64.pyd
MD5
e2a62a5ebad0458134f8deee7a2106ff

SHA1
83cb3ee1e85bcd68c9ffa8678d13e6a4983afec1

SHA256
ae06473c3bae466d962d2c017da97fe5dbb9788469664c5b7c016804dabf4379

SHA512
57eae7bd8499bfd5fe76d8215ddd9c4d52e2057a4f78592072110fab298a4c99cea6cc725c82756c108a69674ce6ea33d86b969d1e2c5f14482f7584cdb74cc9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_cbc.cp38-win_amd64.pyd
MD5
21e62ed2a7fa0504b7dcc3ff1a3e82ed

SHA1
5ab40f09f8d8a035fb25ade3c1ef5ddd1747d11b

SHA256
259fd983c5316eae28a8675a13c7e872d13a6f9ce944af06c9142ca21880fd6a

SHA512
4c62393e438b3a33addb1dea0ad049df123ab791c7c37f1bca26be794989ba29d97158925ee4aaf5cf53583c3665152e8ecfd8159c161613b693faf81116bbd3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_cfb.cp38-win_amd64.pyd
MD5
1701c1d9a9bdc4ed69de2fc17127fdcc

SHA1
c85f48dbbe2dae5165ebdd43ce4c66bc62c9d195

SHA256
cdd52145642342a60bc7d21a8e13e290350a44bcc04b42abd547bee251b2c4e4

SHA512
e2c36db36747ae82718b5b7a7f29a681080c249502adc7cf82c2932287430d7fd325b5a1571a81e64b3e877026536fd2142be9ba00c12e054769b6249db23788

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_ctr.cp38-win_amd64.pyd
MD5
d5bca9d892b5ac0d04f8ddb49e8c70a4

SHA1
2bac10eaa90bc738e2ff08b853a6eb643fde4e83

SHA256
17e862ef6c23394fd8b4d9193db15ba82adeb9e0c04fc23b571592db91900b62

SHA512
4cab0daec5ea4cb1adc330b3a98da2b65c995c7135966db809ca3f58ac81b3fc69a250eef8642f9bb7c4d5021829fb649cc04542771699241dc3c36af8f9315f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_ecb.cp38-win_amd64.pyd
MD5
240f306050085e6b05177b143701a285

SHA1
cfe1983e929645d8bcf7dc41cd2d0a59672f9992

SHA256
368983efc03e6db0d7d85dd7f5c78083a809104b63e052f4f7125f8e386d241a

SHA512
68e0681618f3c65772ac7149a8ee0975b635db60cabc10af178a932334a6aeae6fcb522400b1e6d26aa00f40d9888994d30888f7fa6ef236e18398ac8385fff4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Cipher\_raw_ofb.cp38-win_amd64.pyd
MD5
ad13e54d5ad6e3e221dcbaef37480f59

SHA1
5b00803ef8b262e2269023fdf3ecb63a0c5e7f33

SHA256
47814833d84f993cbabb6cfdf45c2fc4458f14822b408aa0a110a39ee2752dd5

SHA512
9392936404ab5d21835c4c736ed2eef49c2fd4cea190e0bfa1d2e0842355ee31860904cafd58281f394abd4dd3f3e62712edc953988feeb4383c81fa892a8066

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_BLAKE2s.cp38-win_amd64.pyd
MD5
76b6919e085ba66d5f3a6235ea93d7d5

SHA1
cb2f36d2eabb7c142afc78ad0c87b00f81831739

SHA256
072c47ee36c8e7df7bf8fa383525b0d64d1e5466ee400f25965e6d808e07b1f2

SHA512
557a63d0647f1df9906c14afe727b6f4917f49bb0c86ee127ea7b64709e3c44bbdce58735545650a9c64860e73e6c867e9fcdd2722401ac6bbf2e15265fee167

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_MD5.cp38-win_amd64.pyd
MD5
bb787fe48b39bdf9131ea2e35d826901

SHA1
b2a525aa21ccd5219d7309ebd82152e391e8492b

SHA256
79d82d1eae2b0276def914be88134df45d2d2442d1743fa3626d4072c143ddfc

SHA512
7b7edc3d5e4af264ac149778d71e1518f63e6a392e2c41667b74e5e4b20b7825fb8d98cadfe7f4a08a69ddef422475121114010f5894f28ba9a3ef8316845714

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_SHA1.cp38-win_amd64.pyd
MD5
ad6a3b5a7fbc67779d3a87549b00c2c6

SHA1
179bcce8ca2962e901493e39ea7a1cfe3ac36d2f

SHA256
25bc689ebfbe6a76b7d93b48538afa3979b032eeeeacb74685c72e9c0d837cbf

SHA512
6be5c76971d64fc6b3e102faaf536efc240c7607da34df2ecb40cd52cfa6aa51667c0c4c840dea2f6592e381472cac2ddf521fe3142875999342bf44675675af

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Hash\_SHA256.cp38-win_amd64.pyd
MD5
5946f34315f66764ca3b32d84ad79e41

SHA1
414a7cc57f0c79e2668357732a3fb671884cf0cb

SHA256
78d9bf2b2e4740479568e740ae66113af6786f2ab53eea24287b21a648754ebc

SHA512
8f913cb16e8f5eb9ed5500182874fd814604496a76f184c07874582e65ecc6e1e1bbac7b6726f13f32cc2b412398ff0e5b26c074b83e4dee47092d7d0eba06ac

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Protocol\_scrypt.cp38-win_amd64.pyd
MD5
8947c62abae40a32e2f00fa5ce1cb234

SHA1
02c30e2313da52fe6ed2bddf01ab18e1374d36ed

SHA256
88e497ec9fe5763413bbbe9cc00834bd34e783d2870a5099eca1f96b2fee5c05

SHA512
40336557db9dcce9a143f7f42933392e2d2ad319f102f73c19a6077cc0a0eeeab5659be439c1d62a1aed9c81a1c963090e5028ceda8a4e8f42f86a2157122198

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Util\_cpuid_c.cp38-win_amd64.pyd
MD5
0c839f3c79bdb82c5ffece25e56bc4e6

SHA1
60e84a9c0522150cd03874e5888b39056c376827

SHA256
ee3f0342547dabff1d26c517b76cdfd9c01d5bdda88781d25edc5ca9af76d38c

SHA512
d86152b9bb6833fd24eb0566649d6c09fd25f2303f72ce8df1c6874928cc238f44c6933774d4b8a89ca5ec10d596f8607cdad4f723450f8b58d289dc3a5cc505

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\Crypto\Util\_strxor.cp38-win_amd64.pyd
MD5
b473278b8b9e1a964ad7e614bad89f89

SHA1
ded6f1dc5570e9733c5c156f663f2aa367374001

SHA256
74f72638b25b61b0d76d41c0f286fce7b2926843b26875c803cfaa3f195e25a3

SHA512
75d6afa8f6647684a237eba364fd7be90a1974eedb037d261bed1c8ca5dc329fa81eeef54ef5f037f8876485ed3f994ae5a33d4bafcd11aee4d42727b42d9967

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\VCRUNTIME140.dll
MD5
7942be5474a095f673582997ae3054f1

SHA1
e982f6ebc74d31153ba9738741a7eec03a9fa5e8

SHA256
8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c

SHA512
49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_bz2.pyd
MD5
712a8dba2916f0261a1290a8e3d85ebf

SHA1
27dbfa5de547c30c457855594272545dafaeb39d

SHA256
d6e5763cecd267be0ff5355ff53e93428f3dd7ab20458fb1e7432dffa060cf82

SHA512
662664189f3a426a2042c998a5396fcb660f1ec123fe8089ec740ae414e0da9173d2e1abb6a231b3271bba9c4cb2a3a0a6ea45c475531bb986a4d085e74de1d9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_ctypes.pyd
MD5
4786508ffadc542bd677f45af820fdb9

SHA1
fc0f7dae6e0d093594e4ff1c293ce004dbd16fd7

SHA256
64f5072cd9536418ec0fd4b5c30c13b03cdddced1f9332d4d721c4b37ae3883e

SHA512
ad4b0e6883c2f0c003c46b1b85f5fbc2c1f8366a212695b9e47664c8735a30d4c8a3c645b324d3d059582096a1fe78ac1043ba8a639ced0665ef8c5cc33d0b80

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_hashlib.pyd
MD5
ef3b935e7d9e1685b84636f908732b06

SHA1
968bca85a6f61fa24d53fc6aa77a3f48d2b08dd6

SHA256
46d3016b73ecf3713228df563971feefcbebcea9925349a0807b48f0e09877ce

SHA512
34c1779b8b7cd8449afaaeabb37a9bbb895c199d06557ea301361972ce4722f3db98e2e099eb2ce52486ab60567ac8041a4b3b3e8e917256bdd9954cbb9b05b3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_lzma.pyd
MD5
fea0e77f594207b8af1d240a16c6650e

SHA1
dd48f108074eade8c0f84916d619bce4a97c07bb

SHA256
d7acc95049c07298af56a316419e6548f3e6b56fb22dfb3382607a803dddb5e0

SHA512
3b06abcf29bd93232afd6ae0b8fbded6cc75c5a5cdbd5b410d16e6f19e034d4f903252eda243f670173cc05e78e36e767553e065648ce7c3af330d10922d51ff

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_portaudio.cp38-win_amd64.pyd
MD5
f7b8055f8d54b1ff8fe16bf86eee9d22

SHA1
8da2387d8e840d6eb34978a8343fee27d86ae100

SHA256
a35531c046271b4e0355e0d6d2844d886480b01220b71e4795263312f50beea6

SHA512
82cd75009b17719e477785040b6fa3372affdcea4b16ffb579a869f5353cb914b88ade612624f7c0d0d7e2b64edb3c92cc34c6a0306a5c2fd2829c67b3e2de0c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_socket.pyd
MD5
bc7b1b0112427976b83911e607213c37

SHA1
f4c7eb5b46ebe015a13de59f17ca158c01a377f4

SHA256
85f200cb9adf0ef97d40b897868f6ad564211d3529f0b6dfe8e04c56a7b832bc

SHA512
18bc94c917ee894121241dcf65fab370a344caaf1120162fcb0966503c502b3e990a79553d2e4e1e3403e35d2b5e00cb365254c08f99c93c178e2e1fd7b2a040

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_sqlite3.pyd
MD5
8be539527a8e1f5c17f33f645b5b409d

SHA1
997817ad614e49833e371c6f5fc53ad01924e48b

SHA256
c9253f9c5409fca37b5ce0276d2fde0f64f76271473538d3fa08293b7d98befc

SHA512
ffd1a240b6fe33c9b1a0990251db8fad16ef69c47a5e39ebb69f4f046378ff218268f9e77ea11ee39977eb7a97dd233bc0d5bfe01ca3fdb78edb4ac6b1afc70c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\_ssl.pyd
MD5
d1430e77cec5e84073700c3a65e3b8eb

SHA1
32009a7ea5e3097f38a33e3c5d73a9588f78e4a9

SHA256
174ec95c793fc33a97c57709b5117ca17700b90e7c71d72c9ec4bc7757b747a9

SHA512
1b49ce51e17b28eacc22e060b028697c93ee52a0a671ef615c6386c19e78a9ff67b84920fa5d8443970b53858a29c99dfcc395c0d6bc110ef125ec1c9da648f7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\libcrypto-1_1.dll
MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\libcrypto-1_1.dll
MD5
aa811bb63dbd4c5859b68332326f60b1

SHA1
6e5584d5c59d2f79cbf60c6c71a92ecd7e4e0977

SHA256
00a1eeb37372d11559bf44c9e68af9c841c41c95a173f3dfec4e0b5923d0cae0

SHA512
dad9b14f501fd63824480f8801acd4004dd46f7a6965ac8ab91e573676236a11099f4b7cfdf7b3f6c0cc52a3b2e5d9b50f715f53a1f4f858ea2a5eb15d5092cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\libssl-1_1.dll
MD5
2335285f5ac87173bd304efeddfa1d85

SHA1
64558d2150120abed3514db56299721c42c6fe58

SHA256
1b57a201184559164dedbddcb43bb110a18cafa19ea3d00fc23274ccfc420e94

SHA512
82737590d5ec7315ce8485c4794c01bfcce176ce443740a9f0cf5adfc3c3ed31a714556d33c1ca56db486636111d1ad855f606c87e5f322a505c535187ce2bde

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\python38.dll
MD5
eec355a6e9586f823a4f12bed11e6c80

SHA1
33627398cb32f4fbb162f38f7c277ad5b13a99ba

SHA256
560a6a5f8b7afa99600cc47da26a802c342d7f50ffe23850372f2fcf536cd26f

SHA512
7b4b3c13383de62a17aa1aafabce657ea5f4aadd716430fcd6e0f3125b773ae1589b3eaa050ccd87b37f6fae2391c5e7a8a229c0b0fa135de8d0269e9752bea0

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\pywintypes38.dll
MD5
4e2d48b0e2bc0d1b0a61be486b865fdd

SHA1
95fb013f66c28578dbe9db06e93e6085828a7324

SHA256
bff7b09303260eaf01ba73687d979ce6d1d50458426686bea7b01dea5db446d4

SHA512
d5aa94805bf97b51ba986c60e1401608bc547f1fed0e07f25f6b3ca2bf86167002830aa18c74cb68cf6f51aa60912036678a276971af56754753a1f01ac8d13f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\select.pyd
MD5
bb6e9825bd4a98e0700d96b59ec64f68

SHA1
afd51547dad9cd7fac0efbda76b5e2388a027681

SHA256
bb81d220db83d5276fccda137d430160b8eafd40f4d92d86ebc718b4dfd555ac

SHA512
2380a0a2bd625ff79b04bb9d4f6611150512d72f719a3cc73806ea979c29b01fc3d947fb2998e308796a32061e0f2d34d158876924c71350c759e2a841abf964

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\sqlite3.dll
MD5
fef1057e9968489fd5597509105d7b39

SHA1
3a4d3075306308f1040ee76dae5f41b57e140a3f

SHA256
31763682584428a1a3fffd1fa8318eeb011992c9902b85a173005c79d2d6322c

SHA512
f7889960ddeb6e9c1dc58d98e0ef5bc2b167d6e515e7b400a3d896de03fc066e7b1e5770ac0198bc47ff1cd38b35da7ac2d9b52a53671f036d7f77981bb4ede9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI25242\win32gui.pyd
MD5
59751e564fb79b6fde2eaa6330a03e34

SHA1
d4c9e16f2dc3396ef496d0e2c73500a539dd48ba

SHA256
7be1d0d32c4635c655561904c2110dfc0e8420c583d5fc7a16fbc3f68f8b6753

SHA512
ac4722d0fbedf261ed127d35bdcdbe1de7e85c9f2ffba3238d6c06457ef85aa8a6ed958a17ec7fabacb4c0ee1cd38740b48f7ca2144a662feba47c92554702ed

Download Submit
memory/660-149-0x0000000000000000-mapping.dmp

Download
memory/828-186-0x0000000000000000-mapping.dmp

Download
memory/1296-150-0x0000000000000000-mapping.dmp

Download
memory/1584-187-0x0000000000000000-mapping.dmp

Download
memory/1648-191-0x0000000000000000-mapping.dmp

Download
memory/2524-115-0x00007FF7325A0000-0x00007FF732EB1000-memory.dmp

Filesize
9.1MB

Download
memory/2568-148-0x0000000000000000-mapping.dmp

Download
memory/2628-190-0x0000000000000000-mapping.dmp

Download
memory/2716-116-0x0000000000000000-mapping.dmp

Download
memory/2716-117-0x00007FF7325A0000-0x00007FF732EB1000-memory.dmp

Filesize
9.1MB

Download
memory/2716-193-0x0000017575470000-0x0000017575471000-memory.dmp

Filesize
4KB

Download
memory/3584-147-0x0000000000000000-mapping.dmp

Download
memory/3768-189-0x0000000000000000-mapping.dmp

Download
memory/3840-192-0x0000000000000000-mapping.dmp

Download
memory/3860-188-0x0000000000000000-mapping.dmp

Download