d6c39d7d9be421b66517d195180f7156c52c3fadba440d5d3d26ff6b1d45aa1a

Analysis

max time kernel
118s
max time network
77s
platform
windows7_x64
resource
win7-en-20211208
submitted
30-12-2021 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4kvideodownloader_4.18_x64Crack.exe
Size

24.3MB
MD5

346b3c83128f1918b162694eec15963d
SHA1

8c363d01e47d6dffd66044b1a34a78c5a1aac59c
SHA256

d6c39d7d9be421b66517d195180f7156c52c3fadba440d5d3d26ff6b1d45aa1a
SHA512

d69ec8e35d293f0b78543ddef48d9a4e2e2b4c372336ddb70a5aa4438611c8517b84d344fb250f7a3b14b1cde0d5eb963a9145c82b72f2e1ef807ded385cba6c

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\README.txt

Ransom Note

Do not close this message !!! Hi, don't worry. All of your files have been encrypted. To return your files, you need to send 0.003 bitcoin to the address 1NNLcGozxxNmFypZB4rgnmvuCju2pxfAQQ if within 10 hours there is no payment, all your files will be deleted ... You can pay through various crypto-exchanges (Binance, Coinbase and others), crypto exchanges or from your personal bitcoin wallet. After payment you will receive a decoder and an unlock key and all your files will be unlocked. Do not try to unlock it yourself, you will only waste time, and after 10 hours all files will be deleted. A strong encryption method is used for encryption. Communication after payment telegram: @crypto_support_id_43274

Wallets

1NNLcGozxxNmFypZB4rgnmvuCju2pxfAQQ

Signatures

Drops file in Drivers directory 27 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\gmreadme.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\etc\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\drivers\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\en-US\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\drivers\UMDF\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe

Modifies extensions of user files 5 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\CopySkip.png => C:\Users\Admin\Pictures\CopySkip.png.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\ExitExport.tif => C:\Users\Admin\Pictures\ExitExport.tif.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Users\Admin\Pictures\PopInitialize.tiff	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\PopInitialize.tiff => C:\Users\Admin\Pictures\PopInitialize.tiff.CRYPT	4kvideodownloader_4.18_x64Crack.exe
File renamed	C:\Users\Admin\Pictures\RequestClear.tif => C:\Users\Admin\Pictures\RequestClear.tif.CRYPT	4kvideodownloader_4.18_x64Crack.exe

Drops startup file 2 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README.txt	4kvideodownloader_4.18_x64Crack.exe

Loads dropped DLL 35 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

pid	process
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe
1312	4kvideodownloader_4.18_x64Crack.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops desktop.ini file(s) 64 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	ioc	process
File created	C:\Users\Admin\Favorites\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ringtonesamples_31bf3856ad364e35_6.1.7600.16385_none_135e536ebbe59c28\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Fonts\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Recorded TV\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-US\Link\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-ZA\Wallpaper\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Desktop\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Favorites\Links for United States\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Web\Wallpaper\Architecture\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..i-accessibilityuser_31bf3856ad364e35_6.1.7600.16385_none_bf396ba9226e0702\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\S3IV548V\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-reg-inf_31bf3856ad364e35_6.1.7601.17514_none_535245f3d98ecb9a\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7AS43M2\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\K819CMRP\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.7600.16385_none_add5a10aa4d614d5\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Videos\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Media\Raga\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Web\Wallpaper\Landscapes\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-GB\Wallpaper\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Documents\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\Documents\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Desktop\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Web\Wallpaper\Characters\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..-gb-links-component_31bf3856ad364e35_6.1.7601.17514_none_0ea01e97df141032\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-m..ttheme-za-component_31bf3856ad364e35_6.1.7601.17514_none_a5926b147a413e6a\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Downloaded Program Files\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Public\Downloads\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.7601.17514_none_da0c2f9edf5b1353\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\Desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RO7FJFDE\desktop.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Globalization\MCT\MCT-CA\Wallpaper\desktop.ini	4kvideodownloader_4.18_x64Crack.exe

Drops file in System32 directory 64 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\fontview.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_hash_tables.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\nbtstat.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\eval\HomePremiumN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\migwiz\dlmanifests\Microsoft-Windows-WMI-Core\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\StarterN\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\whoami.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\eval\EnterpriseN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\winrm\0411\winrm.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\System32\catroot2\edb00648.log	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\migwiz\dlmanifests\Networking-MPSSVC-Svc\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_trap.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\HomeBasic\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\MsSpellCheckingFacility.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\_Default\StarterN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\IME\imekr8\dicts\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\regedt32.exe	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\System32\catroot2\edb00656.log	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc003.inf_amd64_neutral_47e09b7cc0d9e993\Amd64\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wd.inf_amd64_neutral_759109899b486d47\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_job_details.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\eval\Ultimate\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\Tasks\Microsoft\Windows\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\FXSUNATD.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\_Default\UltimateE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\pl-PL\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\ja-JP\about_Break.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\takeown.exe	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\System32\MpSigStub.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc6200t.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\eval\Professional\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\fr-FR\Licenses\eval\Starter\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Ref.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\cmd.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\setspn.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ph3xibc8.inf_amd64_neutral_c93e7023ef90e637\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\Amd64\smc660u.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\fr-FR\about_remote_requirements.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\reg.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\es-ES\Licenses\OEM\HomePremiumN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\qappsrv.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnrc007.inf_amd64_neutral_2df575afa0f7d35f\Amd64\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\sv-SE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\OEM\EnterpriseN\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\en-US\Licenses\_Default\EnterpriseN\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\fr-FR\Licenses\eval\EnterpriseE\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\certreq.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_amd64_neutral_407146dba80d1566\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_neutral_386661b46df6da3f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpj5500t.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\migwiz\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\slmgr\0409\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_requires.help.txt	4kvideodownloader_4.18_x64Crack.exe

Drops file in Program Files directory 64 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\clock.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\lua\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\service.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\MSBuild\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\RSSFeeds.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\localizedStrings.js	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImagesMask.bmp	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHighMask.bmp	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Journal\de-DE\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck.css	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Mail\fr-FR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Google\Update\Install\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Horizon.xml	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Apex.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\InfoPathWelcomeImage.jpg	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\README.txt	4kvideodownloader_4.18_x64Crack.exe

Drops file in Windows directory 64 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	ioc	process
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ices-portredirector_31bf3856ad364e35_6.1.7601.17514_none_bfcee980bbe30f58\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Boot\PCAT\it-IT\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dims.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c8de299667260b24\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\logo.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-artcon5.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d302b305da9d4d36\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_452c0c8569276078\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\microsoft.transactions.bridge.dtc.resources\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Boot\PCAT\el-GR\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..p-support.resources_31bf3856ad364e35_8.0.7600.16385_es-es_158bc115e2940d3e\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-tablet.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c1c73d3a91d32fe3\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..tional-codepage-932_31bf3856ad364e35_6.1.7600.16385_none_2ad03056b4ecc39f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..ion-netsh.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c8f82e1fe7f14695\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\ehiBmlDataCarousel\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Word.v9.0\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..in-gpedit.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_03a64131170229c8\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..providers.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5b0bdba3fab9e84a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\servicing\es-ES\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_mdmbr002.inf.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_685a3655fa43badb\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_6.1.7601.17514_ko-kr_1b56589636443993\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_322a68aa903c6393\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\318bddc9cc3ccb7fa1bb1f7942052c65\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..airingdll.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_be5563437dd3422f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_en-us_988750cdbb618ede\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_399bb48ff329ff89\license.rtf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-network-security_31bf3856ad364e35_6.1.7601.17514_none_2b4a7558412a624a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..bitsadmin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_763d8b4172e31c4f\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..fontcache.resources_31bf3856ad364e35_7.1.7601.16492_zh-cn_7fa235f41a25ecb3\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-f..etype-timesnewroman_31bf3856ad364e35_6.1.7601.17514_none_3b958c66aff6cdb7\times.ttf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_c985fbedc9886bd1\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..k-softkbd.resources_31bf3856ad364e35_6.1.7600.16385_de-de_d6907a3e37816f6e\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\_NetworkingPerfCounters.h	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_mdmwhql0.inf_31bf3856ad364e35_6.1.7600.16385_none_76b82b0e7bb69660\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\GAC_MSIL\napsnap.resources\6.1.0.0_es_31bf3856ad364e35\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\SecurityAuditPolici#\7e530f5e8b7aa2d04f08ddb9a1597007\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1042\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-efsadu.resources_31bf3856ad364e35_6.1.7600.16385_de-de_742018b6bfea81b9\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_7b9b82aa242001e6\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g...scrptadm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bd98fb6063b5d148\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..-printbrm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a539a0b50e5f0d40\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..fcounters.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_af35a648b3029ded\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Fonts\8514fixg.fon	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\1053\LocalizedData.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..splay-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f857fc5d27997dae\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-bitmap-ms_serif_31bf3856ad364e35_6.1.7600.16385_none_2670fbc842c5cd2f\seriffg.fon	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-font-truetype-georgia_31bf3856ad364e35_6.1.7600.16385_none_8ceadd6195267598\georgia.ttf	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-storprop.resources_31bf3856ad364e35_6.1.7600.16385_es-es_246322b71661d834\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\PLA\Rules\en-US\Rules.System.Memory.xml	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..l-keyboard-00020422_31bf3856ad364e35_6.1.7600.16385_none_89e4f7a262c2326c\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_de-de_74b66e05cc4097c8\about_Windows_PowerShell_ISE.help.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\shadow.exe	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\5d0f494f1be2367fb0a634956f719965\README.txt	4kvideodownloader_4.18_x64Crack.exe
File opened for modification	C:\Windows\inf\.NET CLR Networking 4.0.0.0\0008\_Networkingperfcounters.ini	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_025c84b636a4ef6d\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_207372147765c03a\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\settings_box_left.png	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..eraccount.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e185cfc7615ec6b0\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..ility-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_4fd47b5a961f72f2\README.txt	4kvideodownloader_4.18_x64Crack.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-riched32_31bf3856ad364e35_6.1.7601.17514_none_fb26b945993b2f11\README.txt	4kvideodownloader_4.18_x64Crack.exe

Opens file in notepad (likely ransom note) 2 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXE

pid process

676 NOTEPAD.EXE
240 NOTEPAD.EXE

pid	process
676	NOTEPAD.EXE
240	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exe

pid	process
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1372 taskmgr.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

taskmgr.exe

description pid process

Token: SeDebugPrivilege 1372 taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1372	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe
1372	taskmgr.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

4kvideodownloader_4.18_x64Crack.exe

description	pid	process	target process
PID 944 wrote to memory of 1312	944	4kvideodownloader_4.18_x64Crack.exe	4kvideodownloader_4.18_x64Crack.exe
PID 944 wrote to memory of 1312	944	4kvideodownloader_4.18_x64Crack.exe	4kvideodownloader_4.18_x64Crack.exe
PID 944 wrote to memory of 1312	944	4kvideodownloader_4.18_x64Crack.exe	4kvideodownloader_4.18_x64Crack.exe

C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe
"C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:944

C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe
"C:\Users\Admin\AppData\Local\Temp\4kvideodownloader_4.18_x64Crack.exe"
2⤵
- Drops file in Drivers directory
- Modifies extensions of user files
- Drops startup file
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1312

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1372

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1636

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:676

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:240

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_Salsa20.pyd
MD5
4a0583698d67299175928eb4b51b4931

SHA1
b310550f3cedd86855a14299748b1722fb501f21

SHA256
a540f601bef4d96d1d3d8f843fc953f90f06218b77332f8f3fa1a0ec3429fac0

SHA512
6680ace0bbb8f6b04b0814475d265b63801fc63d71905b72704bfb7154b55b74dc28eb9b1162437ccdb66736f466067a3f60c0a3ce261f92e4a7b8b5f35d79e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_cbc.pyd
MD5
6af17257a9efb463637d7b540030ea4d

SHA1
202b15e7aa723fd99414806fcd2cf2a6b600a4cb

SHA256
3844a5cfcd190ea54cb43930b48841e5ea69addca258b9afb4618e0ff6150b37

SHA512
5f66501d3f8dacec80288da161da20a64f1b3c25e71f9d8f03b9bdb8f019d673a7ff8d59d69db3b9e9eb57ced22948732928171efbd4e43a7470d036af8e235c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_cfb.pyd
MD5
15c0ca34389abaecdb9e013a388183cb

SHA1
ae26961139362e5aaacdf36fb879204925cc860a

SHA256
891d7ff5d4020dc501bdec80120e0b45250464178e0609cc6ceb4232c679b34d

SHA512
109215bc443b80bf1cea37d43477eeae5ef7cdc15348c730064fb748d36caf77a8da7211e23ca57a3b6e4638dc179bb4ce817115bd265f74f8b0ec9e1260aebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_ctr.pyd
MD5
2afaa6b9ab97e39c3bc399652cdeb5d6

SHA1
214f4df2bbbd0fd36458c78375925c44cf80e33d

SHA256
00ed9c0a4be2f4def165fc188a042d5b1a2afe845dfa9e6798a060b757ad4b45

SHA512
87b2a79804ed2193e4b0d0ba7360e89f5876e1d8ba2844aeefcc0e621de831e44cd4ccaefff7e2b0a8c41b82c2a7720aeb33d4822a4dc189ffef5e50a5b042d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_ecb.pyd
MD5
0bb470a8f740147ff8c0a40f9a14682d

SHA1
76ef89facf1212abef55eace0acb2325a986c505

SHA256
f7d7ed62cf6ff0af4789543402ea558a1248f125a126a1ca2c3d27e559fccb6e

SHA512
b3c328dd0b22698da0d86f279bba225212e62322c756fa0b5c487e881661b4f648622454bf8e06e95234cc5ccc5f59bd107e81381f3189308bb3b11918cbf535

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_ofb.pyd
MD5
30c1fd89ceb03afe21df638a47fe7cce

SHA1
76fd964b7dc80d48f43a7fa17ada9f151d23a10e

SHA256
6bc5b504da5c16f5e4383adf992299efb53466fd30027b9de5f9605a5794268c

SHA512
07ffa5fa6bc7f7f0cf9d1b7f21979aebeb2bcc569fe1ef7e4c61d430afd2d6aab1c8300ae199af9a927639e8ec91a6974bec97a61585fc6b20bce2b14efb790d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_BLAKE2s.pyd
MD5
0a659f25aba29c133b3a5ec1f03a5db4

SHA1
6572efe4fff06478e7291eddb5e9d187d3ec9998

SHA256
bd7c386af9703b9b7a9cde44556d81fa594333ca40fcb117edf3d2a0a1e2c5b9

SHA512
b02a23335bb56122f86bf4c4250c3cbc51775dbe18ec66544c8563725393f824b7bf3d73fbab260f0f98c8d03727b5704f39d27fede1ec5f1da28a1c807a6d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_MD5.pyd
MD5
6f0768c84bdb30a5e1d7bd4964ddeea8

SHA1
3772b0e809d866a95d0926718787252823fcf80e

SHA256
b7b05a1b5a9d354a17fdb34ce82b4709796158e5985ab75d76c6855bb47294d2

SHA512
9946f0ebbd1ee787e2169d7f0cc4fc197f86bd53df3bb8eaba554f4eaa5bd644ff6f21ec50f62d5fb45bb18d7c8be681cb21d8e378c551b3a12b418fc6c86dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_SHA1.pyd
MD5
391544d71a5170bde0e0ee6cf030eff8

SHA1
bea6cbbbf347ca8f3ec561cb6a3f30ded2c01ebe

SHA256
1b6b09552ff21f101ffd16a5d48f4f6701f784c17d6585f97d2adeae0f73c199

SHA512
13571ce07a8fb0c885b9913a4fff9fcaeeaf90c4094cdacc0f684b41b4779880256acc6d40c9fabb3d98dde7b6f30180363a72cc5646635d30f11c948a7c897c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_SHA256.pyd
MD5
430ca8a693a4886083f9837e4a4e813b

SHA1
7cff277f7e54d07dd9f624c28a7e846ec855b6cc

SHA256
6e3480ff4a93b8d6d651fabd27e5649bcec91c3bae031cf124d3e1c4a5f18531

SHA512
d2f52367140e9dc8dd64bde361acee28538bf69b70370fdedd350f22ac9f8c265fbb2d1ade87b483c55e9710e58b0bd659e84f39fafcee7489b43faa871d4b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_ghash_portable.pyd
MD5
849dfa6f22b925251803ae4e7d4f3b18

SHA1
7f8e8411e069977619b6bd8edc0861f6316dd687

SHA256
02fcd7aa6c0a826c38a02b5467e2ef52f220088dacb5783ebe7f5eca8b770cf2

SHA512
af95b1b1469720923606e24cad7f7cf30a56ffe080a5e753b6b9a730bc09dc89684c96b99455a70041d03572022854a12ebfce2fccc3249613852fa1b51184a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Protocol\_scrypt.pyd
MD5
46be10bf3088a1261badfa0e679f3543

SHA1
257f8388fec2a9e60c5d5c91cf852d59e2398c6a

SHA256
db5726285fae7a30be8891005981860ea35451c2d3cc38e35cb03432273f5f40

SHA512
2dcd039718f5d8428dde47ca0d91ebce9e924caa90ffc09bd2c7cd27a98a81636956ff97c37a2cbf63ce012b524642eecdcf2363a433c86e8dd7f692ab3c5f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Util\_cpuid_c.pyd
MD5
2c604e06f1e4cc2ef1eca6eb22c70978

SHA1
9fc0d174c906df0711bfff8cda2c614ccdf82963

SHA256
0abc80d641cf7ff60656cd96da95fd140a1ebc76a141ec38da7b2db7ad538ca2

SHA512
827f8de0c122a99642b3c8a46baad550cb72ee9f8b7800e3d2da2e63699a41198ba08b44201f405b333253282831e1a21732de077f8b720d4b447fa904fc9450

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Util\_strxor.pyd
MD5
5d16c04cb143cb3eebde0a9a2abda13d

SHA1
d1f44513a7cc7ae8662024aa65ab13aac960c622

SHA256
3d569b106e5bd882ef715a9963bbd722c630412d19818e6b66cbd0e3e64aaba8

SHA512
05ec55e27ad2606c73606f4046ee2c9b3cdece1fd15ee8dfc06bdb1f7a3184cfce51d10986f0668308ba626fcecde9f11dc0e43fa17ce80b89e43ae32ab677c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\MSVCP140.dll
MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\PIL\_imaging.cp38-win_amd64.pyd
MD5
3d16ceb431cc4525092b288710215b21

SHA1
2ab0588833efc711a396f4645a1fa47189a302cd

SHA256
e5969133022aafeb78af3cfae7c00cbe677f385a7bfd09cec8c1fc8fb399c0a0

SHA512
3f25aff2c396592b3c7a6ff828fcdd4ba7e671c8af33258a8d3c54cf153981b47072710d97f413560d9b7499b1d712caa928554faa9b9ce3e20a6f717e55a9cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\VCRUNTIME140.dll
MD5
18571d6663b7d9ac95f2821c203e471f

SHA1
3c186018df04e875d6b9f83521028a21f145e3be

SHA256
0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

SHA512
c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\_bz2.pyd
MD5
fc0d862a854993e0e51c00dee3eec777

SHA1
20203332c6f7bd51f6a5acbbc9f677c930d0669d

SHA256
e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863

SHA512
b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\_cffi_backend.cp38-win_amd64.pyd
MD5
619d3a9aae2d8950e7c301961f9a690d

SHA1
45ad21bde1388fe90aa96b78ad145774b4fb0a41

SHA256
04912a0afce079849a46b2df70b43877d1c5f001d764e16ad0e6cac258050b7a

SHA512
69034d87545e72033f887bc63a2c85c2efc732ee5d7d6e7bd0ecede81e5c0e5ff6e7d0f881205e9872085bf61f332143e847ed9c301750e4fceb2e7dc0525923

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\_ctypes.pyd
MD5
8adb1345c717e575e6614e163eb62328

SHA1
f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3

SHA256
65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8

SHA512
0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\_hashlib.pyd
MD5
5fa7c9d5e6068718c6010bbeb18fbeb3

SHA1
93e8875d6d0f943b4226e25452c2c7d63d22b790

SHA256
2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155

SHA512
3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\_lzma.pyd
MD5
60e215bb78fb9a40352980f4de818814

SHA1
ff750858c3352081514e2ae0d200f3b8c3d40096

SHA256
c4d00582dee45841747b07b91a3e46e55af79e6518ec9f0ce59b989c0acd2806

SHA512
398a441de98963873417da6352413d080620faf2ae4b99425d7c9eaf96d5f2fdf1358e21f16870bdff514452115266a58ee3c6783611f037957bfa4bcec34230

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\_socket.pyd
MD5
1d53841bb21acdcc8742828c3aded891

SHA1
cdf15d4815820571684c1f720d0cba24129e79c8

SHA256
ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b

SHA512
0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\_tkinter.pyd
MD5
7577b428063ea0eda1e0937f4976b078

SHA1
6256415033aae978835fe3dc4523a462d5932873

SHA256
7fdbb5a713a3de7413564a2ec15c8715f3ba203bfe2b944c9cda610155c511d1

SHA512
a36e09535579e5cc2fcc86659ae60fa7a779bfd577b6dc9d27fec78e8be1e095f52320fe0822fcb080b96d71729e97c6f07c8728565e8aea708426289485147c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\base_library.zip
MD5
5b9dbac77705ebeafb101b3f9b0fb50f

SHA1
6bb77af71ea5a2059d77779334674462fe7419df

SHA256
db13fc22122682b641e2f3eb1ff402255136fb27edabf0d6a317ae090730f570

SHA512
1ee42d058b8c1e1eaea03de954dd69f40dcf60ff171421c2add1e52185484a63be7fff05e2bfcb8d50fa298ff9f1db62dff10a4cb975d28d903c70b34dfe0e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\libcrypto-1_1.dll
MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\pyexpat.pyd
MD5
11a886189eb726d5786926cc09f9e116

SHA1
d94295368a1285681fb03bac0553eb1495d43805

SHA256
dc38bdbe10cfaa99799e0c87aa8444fc062d445b87686d6593ffca46cc938031

SHA512
405c56487a91ad1209029ca6ea125642076251f0a8c069eef0e30ce484381db7bf24d2f5cd74b83d1c8c1358f92f35fa6ed7b75601ace611cf36bb2331588684

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\python38.dll
MD5
1f2688b97f9827f1de7dfedb4ad2348c

SHA1
a9650970d38e30835336426f704579e87fcfc892

SHA256
169eeb1bdf99ed93ca26453d5ca49339e5ae092662cd94cde09fbb10046f83fc

SHA512
27e56b2d73226e36b0c473d8eb646813997cbdf955397d0b61fcae37ed1f2c3715e589f9a07d909a967009ed2c664d14007ccf37d83a7df7ce2a0fefca615503

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\select.pyd
MD5
a2ab334e18222738dcb05bf820725938

SHA1
2f75455a471f95ac814b8e4560a023034480b7b5

SHA256
7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7

SHA512
72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\tcl86t.dll
MD5
c0b23815701dbae2a359cb8adb9ae730

SHA1
5be6736b645ed12e97b9462b77e5a43482673d90

SHA256
f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

SHA512
ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\tcl\encoding\cp1252.enc
MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI9442\tk86t.dll
MD5
fdc8a5d96f9576bd70aa1cadc2f21748

SHA1
bae145525a18ce7e5bc69c5f43c6044de7b6e004

SHA256
1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

SHA512
816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_Salsa20.pyd
MD5
4a0583698d67299175928eb4b51b4931

SHA1
b310550f3cedd86855a14299748b1722fb501f21

SHA256
a540f601bef4d96d1d3d8f843fc953f90f06218b77332f8f3fa1a0ec3429fac0

SHA512
6680ace0bbb8f6b04b0814475d265b63801fc63d71905b72704bfb7154b55b74dc28eb9b1162437ccdb66736f466067a3f60c0a3ce261f92e4a7b8b5f35d79e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_cbc.pyd
MD5
6af17257a9efb463637d7b540030ea4d

SHA1
202b15e7aa723fd99414806fcd2cf2a6b600a4cb

SHA256
3844a5cfcd190ea54cb43930b48841e5ea69addca258b9afb4618e0ff6150b37

SHA512
5f66501d3f8dacec80288da161da20a64f1b3c25e71f9d8f03b9bdb8f019d673a7ff8d59d69db3b9e9eb57ced22948732928171efbd4e43a7470d036af8e235c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_cfb.pyd
MD5
15c0ca34389abaecdb9e013a388183cb

SHA1
ae26961139362e5aaacdf36fb879204925cc860a

SHA256
891d7ff5d4020dc501bdec80120e0b45250464178e0609cc6ceb4232c679b34d

SHA512
109215bc443b80bf1cea37d43477eeae5ef7cdc15348c730064fb748d36caf77a8da7211e23ca57a3b6e4638dc179bb4ce817115bd265f74f8b0ec9e1260aebf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_ctr.pyd
MD5
2afaa6b9ab97e39c3bc399652cdeb5d6

SHA1
214f4df2bbbd0fd36458c78375925c44cf80e33d

SHA256
00ed9c0a4be2f4def165fc188a042d5b1a2afe845dfa9e6798a060b757ad4b45

SHA512
87b2a79804ed2193e4b0d0ba7360e89f5876e1d8ba2844aeefcc0e621de831e44cd4ccaefff7e2b0a8c41b82c2a7720aeb33d4822a4dc189ffef5e50a5b042d6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_ecb.pyd
MD5
0bb470a8f740147ff8c0a40f9a14682d

SHA1
76ef89facf1212abef55eace0acb2325a986c505

SHA256
f7d7ed62cf6ff0af4789543402ea558a1248f125a126a1ca2c3d27e559fccb6e

SHA512
b3c328dd0b22698da0d86f279bba225212e62322c756fa0b5c487e881661b4f648622454bf8e06e95234cc5ccc5f59bd107e81381f3189308bb3b11918cbf535

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Cipher\_raw_ofb.pyd
MD5
30c1fd89ceb03afe21df638a47fe7cce

SHA1
76fd964b7dc80d48f43a7fa17ada9f151d23a10e

SHA256
6bc5b504da5c16f5e4383adf992299efb53466fd30027b9de5f9605a5794268c

SHA512
07ffa5fa6bc7f7f0cf9d1b7f21979aebeb2bcc569fe1ef7e4c61d430afd2d6aab1c8300ae199af9a927639e8ec91a6974bec97a61585fc6b20bce2b14efb790d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_BLAKE2s.pyd
MD5
0a659f25aba29c133b3a5ec1f03a5db4

SHA1
6572efe4fff06478e7291eddb5e9d187d3ec9998

SHA256
bd7c386af9703b9b7a9cde44556d81fa594333ca40fcb117edf3d2a0a1e2c5b9

SHA512
b02a23335bb56122f86bf4c4250c3cbc51775dbe18ec66544c8563725393f824b7bf3d73fbab260f0f98c8d03727b5704f39d27fede1ec5f1da28a1c807a6d2d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_MD5.pyd
MD5
6f0768c84bdb30a5e1d7bd4964ddeea8

SHA1
3772b0e809d866a95d0926718787252823fcf80e

SHA256
b7b05a1b5a9d354a17fdb34ce82b4709796158e5985ab75d76c6855bb47294d2

SHA512
9946f0ebbd1ee787e2169d7f0cc4fc197f86bd53df3bb8eaba554f4eaa5bd644ff6f21ec50f62d5fb45bb18d7c8be681cb21d8e378c551b3a12b418fc6c86dda

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_SHA1.pyd
MD5
391544d71a5170bde0e0ee6cf030eff8

SHA1
bea6cbbbf347ca8f3ec561cb6a3f30ded2c01ebe

SHA256
1b6b09552ff21f101ffd16a5d48f4f6701f784c17d6585f97d2adeae0f73c199

SHA512
13571ce07a8fb0c885b9913a4fff9fcaeeaf90c4094cdacc0f684b41b4779880256acc6d40c9fabb3d98dde7b6f30180363a72cc5646635d30f11c948a7c897c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_SHA256.pyd
MD5
430ca8a693a4886083f9837e4a4e813b

SHA1
7cff277f7e54d07dd9f624c28a7e846ec855b6cc

SHA256
6e3480ff4a93b8d6d651fabd27e5649bcec91c3bae031cf124d3e1c4a5f18531

SHA512
d2f52367140e9dc8dd64bde361acee28538bf69b70370fdedd350f22ac9f8c265fbb2d1ade87b483c55e9710e58b0bd659e84f39fafcee7489b43faa871d4b97

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Hash\_ghash_portable.pyd
MD5
849dfa6f22b925251803ae4e7d4f3b18

SHA1
7f8e8411e069977619b6bd8edc0861f6316dd687

SHA256
02fcd7aa6c0a826c38a02b5467e2ef52f220088dacb5783ebe7f5eca8b770cf2

SHA512
af95b1b1469720923606e24cad7f7cf30a56ffe080a5e753b6b9a730bc09dc89684c96b99455a70041d03572022854a12ebfce2fccc3249613852fa1b51184a5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Protocol\_scrypt.pyd
MD5
46be10bf3088a1261badfa0e679f3543

SHA1
257f8388fec2a9e60c5d5c91cf852d59e2398c6a

SHA256
db5726285fae7a30be8891005981860ea35451c2d3cc38e35cb03432273f5f40

SHA512
2dcd039718f5d8428dde47ca0d91ebce9e924caa90ffc09bd2c7cd27a98a81636956ff97c37a2cbf63ce012b524642eecdcf2363a433c86e8dd7f692ab3c5f58

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Util\_cpuid_c.pyd
MD5
2c604e06f1e4cc2ef1eca6eb22c70978

SHA1
9fc0d174c906df0711bfff8cda2c614ccdf82963

SHA256
0abc80d641cf7ff60656cd96da95fd140a1ebc76a141ec38da7b2db7ad538ca2

SHA512
827f8de0c122a99642b3c8a46baad550cb72ee9f8b7800e3d2da2e63699a41198ba08b44201f405b333253282831e1a21732de077f8b720d4b447fa904fc9450

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\Crypto\Util\_strxor.pyd
MD5
5d16c04cb143cb3eebde0a9a2abda13d

SHA1
d1f44513a7cc7ae8662024aa65ab13aac960c622

SHA256
3d569b106e5bd882ef715a9963bbd722c630412d19818e6b66cbd0e3e64aaba8

SHA512
05ec55e27ad2606c73606f4046ee2c9b3cdece1fd15ee8dfc06bdb1f7a3184cfce51d10986f0668308ba626fcecde9f11dc0e43fa17ce80b89e43ae32ab677c3

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\MSVCP140.dll
MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\PIL\_imaging.cp38-win_amd64.pyd
MD5
3d16ceb431cc4525092b288710215b21

SHA1
2ab0588833efc711a396f4645a1fa47189a302cd

SHA256
e5969133022aafeb78af3cfae7c00cbe677f385a7bfd09cec8c1fc8fb399c0a0

SHA512
3f25aff2c396592b3c7a6ff828fcdd4ba7e671c8af33258a8d3c54cf153981b47072710d97f413560d9b7499b1d712caa928554faa9b9ce3e20a6f717e55a9cd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\VCRUNTIME140.dll
MD5
18571d6663b7d9ac95f2821c203e471f

SHA1
3c186018df04e875d6b9f83521028a21f145e3be

SHA256
0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

SHA512
c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\_bz2.pyd
MD5
fc0d862a854993e0e51c00dee3eec777

SHA1
20203332c6f7bd51f6a5acbbc9f677c930d0669d

SHA256
e5de23dbac7ece02566e79b3d1923a8eeae628925c7fb4b98a443cad94a06863

SHA512
b3c2ade15cc196e687e83dd8d21ce88b83c8137a83cfc20bc8f2c8f3ab72643ef7ca08e1dc23de0695f508ba0080871956303ac30f92ab865f3e4249d4d65c2f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\_cffi_backend.cp38-win_amd64.pyd
MD5
619d3a9aae2d8950e7c301961f9a690d

SHA1
45ad21bde1388fe90aa96b78ad145774b4fb0a41

SHA256
04912a0afce079849a46b2df70b43877d1c5f001d764e16ad0e6cac258050b7a

SHA512
69034d87545e72033f887bc63a2c85c2efc732ee5d7d6e7bd0ecede81e5c0e5ff6e7d0f881205e9872085bf61f332143e847ed9c301750e4fceb2e7dc0525923

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\_ctypes.pyd
MD5
8adb1345c717e575e6614e163eb62328

SHA1
f1ee3fff6e06dc4f22a5eb38c09c54580880e0a3

SHA256
65edc348db42347570578b979151b787ceebfc98e0372c28116cc229494a78a8

SHA512
0f11673854327fd2fcd12838f54c080edc4d40e4bcb50c413fe3f823056d189636dc661ea79207163f966719bf0815e1ffa75e2fb676df4e56ed6321f1ff6cae

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\_hashlib.pyd
MD5
5fa7c9d5e6068718c6010bbeb18fbeb3

SHA1
93e8875d6d0f943b4226e25452c2c7d63d22b790

SHA256
2e98f91087f56dfdffbbdd951cd55cd7ea771cec93d59cadb86b964ed8708155

SHA512
3104aa8b785740dc6a5261c27b2bdc6e14b2f37862fa0fba151b1bc1bfc0e5fb5b6934b95488fa47c5af3fc2b2283f333ff6517b6f8cf0437c52cf171da58bf5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\_lzma.pyd
MD5
60e215bb78fb9a40352980f4de818814

SHA1
ff750858c3352081514e2ae0d200f3b8c3d40096

SHA256
c4d00582dee45841747b07b91a3e46e55af79e6518ec9f0ce59b989c0acd2806

SHA512
398a441de98963873417da6352413d080620faf2ae4b99425d7c9eaf96d5f2fdf1358e21f16870bdff514452115266a58ee3c6783611f037957bfa4bcec34230

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\_socket.pyd
MD5
1d53841bb21acdcc8742828c3aded891

SHA1
cdf15d4815820571684c1f720d0cba24129e79c8

SHA256
ab13258c6da2c26c4dca7239ff4360ca9166ea8f53bb8cc08d2c7476cab7d61b

SHA512
0266bcbcd7ca5f6c9df8dbeea00e1275932dacc38e5dd83a47bfbb87f7ca6778458a6671d8b84a63ae9216a65975da656ba487ac28d41140122f46d0174fa9f9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\_tkinter.pyd
MD5
7577b428063ea0eda1e0937f4976b078

SHA1
6256415033aae978835fe3dc4523a462d5932873

SHA256
7fdbb5a713a3de7413564a2ec15c8715f3ba203bfe2b944c9cda610155c511d1

SHA512
a36e09535579e5cc2fcc86659ae60fa7a779bfd577b6dc9d27fec78e8be1e095f52320fe0822fcb080b96d71729e97c6f07c8728565e8aea708426289485147c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\libcrypto-1_1.dll
MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\libffi-7.dll
MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\pyexpat.pyd
MD5
11a886189eb726d5786926cc09f9e116

SHA1
d94295368a1285681fb03bac0553eb1495d43805

SHA256
dc38bdbe10cfaa99799e0c87aa8444fc062d445b87686d6593ffca46cc938031

SHA512
405c56487a91ad1209029ca6ea125642076251f0a8c069eef0e30ce484381db7bf24d2f5cd74b83d1c8c1358f92f35fa6ed7b75601ace611cf36bb2331588684

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\python38.dll
MD5
1f2688b97f9827f1de7dfedb4ad2348c

SHA1
a9650970d38e30835336426f704579e87fcfc892

SHA256
169eeb1bdf99ed93ca26453d5ca49339e5ae092662cd94cde09fbb10046f83fc

SHA512
27e56b2d73226e36b0c473d8eb646813997cbdf955397d0b61fcae37ed1f2c3715e589f9a07d909a967009ed2c664d14007ccf37d83a7df7ce2a0fefca615503

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\select.pyd
MD5
a2ab334e18222738dcb05bf820725938

SHA1
2f75455a471f95ac814b8e4560a023034480b7b5

SHA256
7ba95624370216795ea4a087c326422cfcbccc42b5ada21f4d85c532c71afad7

SHA512
72e891d1c7e5ea44a569283b5c8bd8c310f2ee3d3cc9c25c6a7d7d77a62cb301c822c833b0792c3163cf0b0d6272da2f667e6bc74b07ed7946082433f77d9679

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\tcl86t.dll
MD5
c0b23815701dbae2a359cb8adb9ae730

SHA1
5be6736b645ed12e97b9462b77e5a43482673d90

SHA256
f650d6bc321bcda3fc3ac3dec3ac4e473fb0b7b68b6c948581bcfc54653e6768

SHA512
ed60384e95be8ea5930994db8527168f78573f8a277f8d21c089f0018cd3b9906da764ed6fcc1bd4efad009557645e206fbb4e5baef9ab4b2e3c8bb5c3b5d725

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI9442\tk86t.dll
MD5
fdc8a5d96f9576bd70aa1cadc2f21748

SHA1
bae145525a18ce7e5bc69c5f43c6044de7b6e004

SHA256
1a6d0871be2fa7153de22be008a20a5257b721657e6d4b24da8b1f940345d0d5

SHA512
816ada61c1fd941d10e6bb4350baa77f520e2476058249b269802be826bab294a9c18edc5d590f5ed6f8dafed502ab7ffb29db2f44292cb5bedf2f5fa609f49c

Download Submit
memory/944-53-0x000007FEFC061000-0x000007FEFC063000-memory.dmp

Filesize
8KB

Download
memory/1312-54-0x0000000000000000-mapping.dmp

Download