575217bea9e48eb29dadc041cc99fc754155b2c0359914e4f88201409ed7d070

Analysis

max time kernel
83s
max time network
85s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/05/2023, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

shellclient.exe
Size

31.8MB
MD5

80171cc23871e613efe6a23c784866e9
SHA1

db34ce3ff154c42acb0d3d2f4a26b2c3c2cbe4cc
SHA256

575217bea9e48eb29dadc041cc99fc754155b2c0359914e4f88201409ed7d070
SHA512

a989f3facc6eabed6ca5a1c2b942c71755c8894b6f3e1403ab2a2dfd73ff8ff7daf138cfac6537d3d419cf9ffe0d126e8ba2e036e1cc476c41294ff3bcd78c98
SSDEEP

786432:MJaY2VQmprb7HOHzeMKVxzx5hD7rPf9Pj2ttW8i7H:MEY2VQmprbTOHzDCd5hD7r3Fj2TWz7H

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	shellclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	shellclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	shellclient.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	shellclient.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5100	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5100	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4916	shellclient.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe
4916	shellclient.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4916	4120	shellclient.exe	66
PID 4120 wrote to memory of 4916	4120	shellclient.exe	66

C:\Users\Admin\AppData\Local\Temp\shellclient.exe
"C:\Users\Admin\AppData\Local\Temp\shellclient.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Users\Admin\AppData\Local\Temp\shellclient.exe
  "C:\Users\Admin\AppData\Local\Temp\shellclient.exe"
  2⤵
  - Loads dropped DLL
  - Checks SCSI registry key(s)
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI41202\SDL2_image.dll

Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\_tkinter.pyd

Filesize
62KB

MD5
6352db60d88705ce62b5665764529006

SHA1
e7a22fd590661e91dfe5cace1adff17d7a3de5ec

SHA256
4536d9092a366426aa01e1800d9d4de669928bbcb277f2363d54df44da096c31

SHA512
78b19668c82aef75dcdf98fd0b90677f3530cb7e80dc7cfec5640637fecb3e5d4fb38c21051fc305133882d26c6f8ecb03825227a3d66c5045b968bdc624bd2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\base_library.zip

Filesize
1.7MB

MD5
ebb4f1a115f0692698b5640869f30853

SHA1
9ba77340a6a32af08899e7f3c97841724dd78c3f

SHA256
4ab0deb6a298d14a0f50d55dc6ce5673b6c5320817ec255acf282191642a4576

SHA512
3f6ba7d86c9f292344f4ad196f4ae863bf936578dd7cfac7dc4aaf05c2c78e68d5f813c4ed36048b6678451f1717deeb77493d8557ee6778c6a70beb5294d21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\libpng16-16.dll

Filesize
206KB

MD5
3a26cd3f92436747d2285dcef1fae67f

SHA1
e3d1403be06beb32fc8dc7e8a58c31e18b586a70

SHA256
e688b4a4d18f4b6ccc99c6ca4980f51218cb825610775192d9b60b2f05eff2d5

SHA512
73d651f063246723807d837811ead30e3faca8cb0581603f264c28fea1b2bdb6d874a73c1288c7770e95463786d6945b065d4ca1cf553e08220aea4e78a6f37f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\SDL2.dll

Filesize
2.4MB

MD5
e83a90b09e6274a9a375d73fd130850c

SHA1
90635404abaa143603a4d18a6555837e2f764673

SHA256
c2325ce01734ee1abe0f2a040d2ca8551012be3820a1fb2f32530d872df19517

SHA512
863c55f9e5e636006ec388d7b253ce896ec4c05a09a960dedb02610ed3dd01bbc213f7cafe63ad3c38aef70a899fc6d056c24305485798797171f7546dbe3c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\base.cp311-win_amd64.pyd

Filesize
30KB

MD5
c690377883b1af9c73427a0aabdc0683

SHA1
7247d6f1bf13b55edb8571b46a5a8f7ad810b1ad

SHA256
ae552429c404d432bfc42179f992afc488ac749bae45c6e166f52a1073a0bb52

SHA512
040fdc6216e2630965818cad2610e38ff76e211e3d4391c7b615bdfc9342063098b7d90070d4448d7a62066ea384398ad37aef4c7e35bf2944fa0c33391bcbe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\bufferproxy.cp311-win_amd64.pyd

Filesize
18KB

MD5
acde4e9c4421b6aa4189272c872031e5

SHA1
bc0f0120fd1a271565cdd9300023c23efc2fc424

SHA256
3193c3b89b0b2499ff87dc4ac744a04baf15202cdb96b9acf614255f1a0aa35b

SHA512
1031035b4a46cac05bc1ea3f095f082b447cd7ea6750b2de105ec93c242888144195345353089c75c7add79f2ceee9099a46114901185f42a40452d88bc77c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\color.cp311-win_amd64.pyd

Filesize
34KB

MD5
8721805dde08221a234808be93f66c89

SHA1
10257273956abc843a6ef9f5579514779e48b29e

SHA256
e388cc394e9b508ffa69dc4c1821b7c9db0fce6fdc1fd7dcdd0d39a2fd315977

SHA512
d0802280c6dc5ccd909fa84a5e77c75aedf6481a953d7004c7c5c77f944c3cf14957b996d90f10a767eceabe29aaa4e215bed251a929e9fe481c59a3a7a2f714

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\constants.cp311-win_amd64.pyd

Filesize
49KB

MD5
1882f4482f3ee42be955b00e857c4ca4

SHA1
415b1fb0beb3c1571b500d193477d2903f2dd39a

SHA256
b32c574b77e37a88ebd358be5c32f1fbf2dc73770b73fb79174d2032f928b728

SHA512
7b4b0c2eefaa97db52b5d890e15817823bffb7346753ea393c0e22056286bf2843e4127d56720f3b7d6de99b670fafd38ae1470f54ffed943fa34491590989a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\display.cp311-win_amd64.pyd

Filesize
43KB

MD5
17855c7ed451061d2b5692ed8111c46c

SHA1
ad5b2dcf725cf5c081bbc80772789750c1c75cd6

SHA256
b2ef54c1539bff1ade540d7668555dda2666fbf1e937b51c945bf39b4b3762a9

SHA512
570d899abe26d54d8ed49454b1d1a5f9b4eeac87d60a3c4544c9e99efe9af48e3c1e3bc7427984992a66e8d0f717e9842b51370a18262892a790c2e5b149d925

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\draw.cp311-win_amd64.pyd

Filesize
48KB

MD5
5873f3ad4a5e51ec06950f27f8543cfb

SHA1
6c51e3a022ab225a52846456591a7916a6803880

SHA256
31c9c1f79bb1931c2709214e75de5b377dbcfda9d223f2b742a4da9a11716444

SHA512
6c14b29383fecbe5a4c7905ade103b34ab13f3f8ac7c0d5958801c78a1baab3d76767aa622876e48553a286044aa99b9593092506fa40b74a04aa1949eddaf7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\event.cp311-win_amd64.pyd

Filesize
42KB

MD5
ffc2f60b2c5511a3bd38ed35cb0c8bf5

SHA1
e1a106889ff4f53761f483bfb0e95c32a8ea1652

SHA256
596e47ee45cd5562d52e274f0fa8f43918acbd73cdf3d12791b68cbf5d9ac200

SHA512
1c6ad48c2228443aff650eaa1124187df7c229c4e287495dc0ff8b057c757eaee80745e08ea050f26110d2664c46b7e84416ce98f0da94906c1cd8368ccf8ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\image.cp311-win_amd64.pyd

Filesize
29KB

MD5
2f28fa774fe94dcc02b008636a975026

SHA1
b0bb1c96599079ee9cf212d8980c80d49ac4b945

SHA256
ee830dda08f8fdd89e4860ec309a5547d25db560520f00d5534236a78a986c8d

SHA512
7a7b7c0e0d3ec9841677f6357fe7046f94532d6bb4790eab96c25de9a96941b6b1df91e35ab7d98fbb66c2314e96241bad7b92e508b564b5a112326728d0de5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\imageext.cp311-win_amd64.pyd

Filesize
17KB

MD5
699c62022bfb7d3e563526bac7307876

SHA1
3438b30890c106d74b0d4db494062d3cbe4e19bd

SHA256
440c609c9abebc31a3be1ca1700af5a62f0213330d14bc1517d8670d9bbf7e50

SHA512
879599fe79cd9ece82be633b7c22111679dcc787dbcfd07e1b89db08d6f18797dc2897971a481c6c9dd1c5be31a995665f45994a18f307ab118162e1529f3c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\math.cp311-win_amd64.pyd

Filesize
74KB

MD5
4568b7dc68a058eaed64553980f6cc79

SHA1
49b7b44522b403408e687b86af9cf244faf9729e

SHA256
38c3f1344b11485e1ece093097f5550e765ced9c75dfccfe07fe5e2010e3bdff

SHA512
d58971829e1c6f275ff10ec6d3ff2c96c686af2fcb3da63c218966139460534be77a00e51b0c809febd52c5e6688c838af7e826f6851d66fe6f4019c9cc41136

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\rect.cp311-win_amd64.pyd

Filesize
43KB

MD5
93a4f6046b4ebed66ea7d89693291550

SHA1
62a52c8933558ade9a0a7b0d7f97a63ff1407235

SHA256
6489a5e581a85a0b0bbf1506c4866b1e06160922b78c91894ae634ca5a24727d

SHA512
e537b4410a538b89ff31d620bbb6e1ef9c6596839edf9e8c06af0bd624afe90eec2b787bb08a4cdba868bfff6afefc24166d4bd218b8a59a45faf76d60f2741e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\rwobject.cp311-win_amd64.pyd

Filesize
19KB

MD5
98548030c4ca160d56e161b58f6b3d09

SHA1
bf53abab8f2debaf4816c0c91c4c4c1347049c78

SHA256
dfc97b92ffc29d4ba20f86f01929ab3dfe2e3feafab761ce668ca56c829f60df

SHA512
040e08f370ac2d68bf7c8c257ab0428d444eb6f3cd3bfd265fde43472ff5bba1eba8df2f343b2c49be98f1daa8bbdcf03ba4c8ff5722f173611c80f4dde1008e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\surface.cp311-win_amd64.pyd

Filesize
233KB

MD5
c400369a1bfc34e7dab93036cf8eb4a8

SHA1
09ac0b2232410e327ea7a98f2d29a6b5aaf7719d

SHA256
be1b5bc8b0862d89b20a44d32dd84ce4baed8c71f27c0f1fb2127eb06bf4d5fa

SHA512
0e8ec4153d4a8ca8d962724cc68e7156c00fddad67d853f765a066c47df9c7aa9dad4792476237394f6aa453d2dd1ed3b6b57cfb86a1ad67ce4baa7259ed01fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\surflock.cp311-win_amd64.pyd

Filesize
13KB

MD5
6ab20f64af29d6febfbf31206c354107

SHA1
c8b8172df6ac9f925699aaa130a730e881bddaa6

SHA256
f6391eec227073537c4d6b221f3f03e6761657088aa21557dba57d5335454497

SHA512
a4b6af652bf07dd6b1cad4419490f018adaf4547de6d84741b3920f90c3ddb1109efbaea6031d78720b0e437bf9c3fda923c264fa28ec01282c870cc4c2cc521

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\python3.DLL

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI41202\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\SDL2_image.dll

Filesize
122KB

MD5
b8d249a5e394b4e6a954c557af1b80e6

SHA1
b03bb9d09447114a018110bfb91d56ef8d5ec3bb

SHA256
1e364af75fee0c83506fbdfd4d5b0e386c4e9c6a33ddbddac61ddb131e360194

SHA512
2f2e248c3963711f1a9f5d8baea5b8527d1df1748cd7e33bf898a380ae748f7a65629438711ff9a5343e64762ec0b5dc478cdf19fbf7111dac9d11a8427e0007

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\_ctypes.pyd

Filesize
120KB

MD5
9b344f8d7ce5b57e397a475847cc5f66

SHA1
aff1ccc2608da022ecc8d0aba65d304fe74cdf71

SHA256
b1214d7b7efd9d4b0f465ec3463512a1cbc5f59686267030f072e6ce4b2a95cf

SHA512
2b0d9e1b550bf108fa842324ab26555f2a224aefff517fdb16df85693e05adaf0d77ebe49382848f1ec68dc9b5ae75027a62c33721e42a1566274d1a2b1baa41

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\_tkinter.pyd

Filesize
62KB

MD5
6352db60d88705ce62b5665764529006

SHA1
e7a22fd590661e91dfe5cace1adff17d7a3de5ec

SHA256
4536d9092a366426aa01e1800d9d4de669928bbcb277f2363d54df44da096c31

SHA512
78b19668c82aef75dcdf98fd0b90677f3530cb7e80dc7cfec5640637fecb3e5d4fb38c21051fc305133882d26c6f8ecb03825227a3d66c5045b968bdc624bd2c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pyexpat.pyd

Filesize
194KB

MD5
48e6930e3095f5a2dcf9baa67098acfb

SHA1
ddcd143f386e74e9820a3f838058c4caa7123a65

SHA256
c1ed7017ce55119df27563d470e7dc3fb29234a7f3cd5fc82d317b6fe559300b

SHA512
b50f42f6c7ddbd64bf0ff37f40b8036d253a235fb67693a7f1ed096f5c3b94c2bde67d0db63d84a8c710505a891b43f913e1b1044c42b0f5f333d0fe0386a62c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\SDL2.dll

Filesize
2.4MB

MD5
e83a90b09e6274a9a375d73fd130850c

SHA1
90635404abaa143603a4d18a6555837e2f764673

SHA256
c2325ce01734ee1abe0f2a040d2ca8551012be3820a1fb2f32530d872df19517

SHA512
863c55f9e5e636006ec388d7b253ce896ec4c05a09a960dedb02610ed3dd01bbc213f7cafe63ad3c38aef70a899fc6d056c24305485798797171f7546dbe3c13

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\base.cp311-win_amd64.pyd

Filesize
30KB

MD5
c690377883b1af9c73427a0aabdc0683

SHA1
7247d6f1bf13b55edb8571b46a5a8f7ad810b1ad

SHA256
ae552429c404d432bfc42179f992afc488ac749bae45c6e166f52a1073a0bb52

SHA512
040fdc6216e2630965818cad2610e38ff76e211e3d4391c7b615bdfc9342063098b7d90070d4448d7a62066ea384398ad37aef4c7e35bf2944fa0c33391bcbe1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\bufferproxy.cp311-win_amd64.pyd

Filesize
18KB

MD5
acde4e9c4421b6aa4189272c872031e5

SHA1
bc0f0120fd1a271565cdd9300023c23efc2fc424

SHA256
3193c3b89b0b2499ff87dc4ac744a04baf15202cdb96b9acf614255f1a0aa35b

SHA512
1031035b4a46cac05bc1ea3f095f082b447cd7ea6750b2de105ec93c242888144195345353089c75c7add79f2ceee9099a46114901185f42a40452d88bc77c93

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\color.cp311-win_amd64.pyd

Filesize
34KB

MD5
8721805dde08221a234808be93f66c89

SHA1
10257273956abc843a6ef9f5579514779e48b29e

SHA256
e388cc394e9b508ffa69dc4c1821b7c9db0fce6fdc1fd7dcdd0d39a2fd315977

SHA512
d0802280c6dc5ccd909fa84a5e77c75aedf6481a953d7004c7c5c77f944c3cf14957b996d90f10a767eceabe29aaa4e215bed251a929e9fe481c59a3a7a2f714

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\constants.cp311-win_amd64.pyd

Filesize
49KB

MD5
1882f4482f3ee42be955b00e857c4ca4

SHA1
415b1fb0beb3c1571b500d193477d2903f2dd39a

SHA256
b32c574b77e37a88ebd358be5c32f1fbf2dc73770b73fb79174d2032f928b728

SHA512
7b4b0c2eefaa97db52b5d890e15817823bffb7346753ea393c0e22056286bf2843e4127d56720f3b7d6de99b670fafd38ae1470f54ffed943fa34491590989a5

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\display.cp311-win_amd64.pyd

Filesize
43KB

MD5
17855c7ed451061d2b5692ed8111c46c

SHA1
ad5b2dcf725cf5c081bbc80772789750c1c75cd6

SHA256
b2ef54c1539bff1ade540d7668555dda2666fbf1e937b51c945bf39b4b3762a9

SHA512
570d899abe26d54d8ed49454b1d1a5f9b4eeac87d60a3c4544c9e99efe9af48e3c1e3bc7427984992a66e8d0f717e9842b51370a18262892a790c2e5b149d925

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\draw.cp311-win_amd64.pyd

Filesize
48KB

MD5
5873f3ad4a5e51ec06950f27f8543cfb

SHA1
6c51e3a022ab225a52846456591a7916a6803880

SHA256
31c9c1f79bb1931c2709214e75de5b377dbcfda9d223f2b742a4da9a11716444

SHA512
6c14b29383fecbe5a4c7905ade103b34ab13f3f8ac7c0d5958801c78a1baab3d76767aa622876e48553a286044aa99b9593092506fa40b74a04aa1949eddaf7d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\event.cp311-win_amd64.pyd

Filesize
42KB

MD5
ffc2f60b2c5511a3bd38ed35cb0c8bf5

SHA1
e1a106889ff4f53761f483bfb0e95c32a8ea1652

SHA256
596e47ee45cd5562d52e274f0fa8f43918acbd73cdf3d12791b68cbf5d9ac200

SHA512
1c6ad48c2228443aff650eaa1124187df7c229c4e287495dc0ff8b057c757eaee80745e08ea050f26110d2664c46b7e84416ce98f0da94906c1cd8368ccf8ce4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\image.cp311-win_amd64.pyd

Filesize
29KB

MD5
2f28fa774fe94dcc02b008636a975026

SHA1
b0bb1c96599079ee9cf212d8980c80d49ac4b945

SHA256
ee830dda08f8fdd89e4860ec309a5547d25db560520f00d5534236a78a986c8d

SHA512
7a7b7c0e0d3ec9841677f6357fe7046f94532d6bb4790eab96c25de9a96941b6b1df91e35ab7d98fbb66c2314e96241bad7b92e508b564b5a112326728d0de5c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\imageext.cp311-win_amd64.pyd

Filesize
17KB

MD5
699c62022bfb7d3e563526bac7307876

SHA1
3438b30890c106d74b0d4db494062d3cbe4e19bd

SHA256
440c609c9abebc31a3be1ca1700af5a62f0213330d14bc1517d8670d9bbf7e50

SHA512
879599fe79cd9ece82be633b7c22111679dcc787dbcfd07e1b89db08d6f18797dc2897971a481c6c9dd1c5be31a995665f45994a18f307ab118162e1529f3c51

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\math.cp311-win_amd64.pyd

Filesize
74KB

MD5
4568b7dc68a058eaed64553980f6cc79

SHA1
49b7b44522b403408e687b86af9cf244faf9729e

SHA256
38c3f1344b11485e1ece093097f5550e765ced9c75dfccfe07fe5e2010e3bdff

SHA512
d58971829e1c6f275ff10ec6d3ff2c96c686af2fcb3da63c218966139460534be77a00e51b0c809febd52c5e6688c838af7e826f6851d66fe6f4019c9cc41136

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\rect.cp311-win_amd64.pyd

Filesize
43KB

MD5
93a4f6046b4ebed66ea7d89693291550

SHA1
62a52c8933558ade9a0a7b0d7f97a63ff1407235

SHA256
6489a5e581a85a0b0bbf1506c4866b1e06160922b78c91894ae634ca5a24727d

SHA512
e537b4410a538b89ff31d620bbb6e1ef9c6596839edf9e8c06af0bd624afe90eec2b787bb08a4cdba868bfff6afefc24166d4bd218b8a59a45faf76d60f2741e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\rwobject.cp311-win_amd64.pyd

Filesize
19KB

MD5
98548030c4ca160d56e161b58f6b3d09

SHA1
bf53abab8f2debaf4816c0c91c4c4c1347049c78

SHA256
dfc97b92ffc29d4ba20f86f01929ab3dfe2e3feafab761ce668ca56c829f60df

SHA512
040e08f370ac2d68bf7c8c257ab0428d444eb6f3cd3bfd265fde43472ff5bba1eba8df2f343b2c49be98f1daa8bbdcf03ba4c8ff5722f173611c80f4dde1008e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\surface.cp311-win_amd64.pyd

Filesize
233KB

MD5
c400369a1bfc34e7dab93036cf8eb4a8

SHA1
09ac0b2232410e327ea7a98f2d29a6b5aaf7719d

SHA256
be1b5bc8b0862d89b20a44d32dd84ce4baed8c71f27c0f1fb2127eb06bf4d5fa

SHA512
0e8ec4153d4a8ca8d962724cc68e7156c00fddad67d853f765a066c47df9c7aa9dad4792476237394f6aa453d2dd1ed3b6b57cfb86a1ad67ce4baa7259ed01fd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\pygame\surflock.cp311-win_amd64.pyd

Filesize
13KB

MD5
6ab20f64af29d6febfbf31206c354107

SHA1
c8b8172df6ac9f925699aaa130a730e881bddaa6

SHA256
f6391eec227073537c4d6b221f3f03e6761657088aa21557dba57d5335454497

SHA512
a4b6af652bf07dd6b1cad4419490f018adaf4547de6d84741b3920f90c3ddb1109efbaea6031d78720b0e437bf9c3fda923c264fa28ec01282c870cc4c2cc521

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\python3.dll

Filesize
65KB

MD5
7442c154565f1956d409092ede9cc310

SHA1
c72f9c99ea56c8fb269b4d6b3507b67e80269c2d

SHA256
95086ac060ffe6933ac04a6aa289b1c7d321f14380315e24ba0d6c4adfa0842b

SHA512
2bf96828534bcdf71e48d1948b989011d8e3ba757c38cc17905a13d3021ea5deb57e2c68d79507a6acbb62be009cfc85b24d14543958dba1d3bc3e4ca7d4f844

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI41202\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
memory/4916-1226-0x00007FF978D30000-0x00007FF978F9E000-memory.dmp

Filesize
2.4MB

Download
memory/4916-1246-0x00007FF978D30000-0x00007FF978F9E000-memory.dmp

Filesize
2.4MB

Download
memory/4916-1214-0x0000000068B40000-0x0000000068B7C000-memory.dmp

Filesize
240KB

Download
memory/4916-1215-0x0000000062E80000-0x0000000062EA4000-memory.dmp

Filesize
144KB

Download
memory/4916-1216-0x00007FF9788E0000-0x00007FF978A62000-memory.dmp

Filesize
1.5MB

Download
memory/4916-1217-0x00007FF979F80000-0x00007FF979FD1000-memory.dmp

Filesize
324KB

Download
memory/4916-1218-0x00007FF968F70000-0x00007FF96AE1F000-memory.dmp

Filesize
30.7MB

Download
memory/4916-1212-0x00007FF978D30000-0x00007FF978F9E000-memory.dmp

Filesize
2.4MB

Download
memory/4916-1233-0x00007FF978D30000-0x00007FF978F9E000-memory.dmp

Filesize
2.4MB

Download
memory/4916-1213-0x000000006A880000-0x000000006A8A7000-memory.dmp

Filesize
156KB

Download
memory/4916-1250-0x00007FF9788E0000-0x00007FF978A62000-memory.dmp

Filesize
1.5MB

Download
memory/4916-1251-0x00007FF979F80000-0x00007FF979FD1000-memory.dmp

Filesize
324KB

Download
memory/4916-1253-0x00007FF978D30000-0x00007FF978F9E000-memory.dmp

Filesize
2.4MB

Download
memory/4916-1268-0x00007FF978D30000-0x00007FF978F9E000-memory.dmp

Filesize
2.4MB

Download
memory/4916-1269-0x000000006A880000-0x000000006A8A7000-memory.dmp

Filesize
156KB

Download
memory/4916-1270-0x0000000068B40000-0x0000000068B7C000-memory.dmp

Filesize
240KB

Download
memory/4916-1271-0x0000000062E80000-0x0000000062EA4000-memory.dmp

Filesize
144KB

Download
memory/4916-1272-0x00007FF9788E0000-0x00007FF978A62000-memory.dmp

Filesize
1.5MB

Download
memory/4916-1273-0x00007FF979F80000-0x00007FF979FD1000-memory.dmp

Filesize
324KB

Download
memory/4916-1274-0x00007FF968F70000-0x00007FF96AE1F000-memory.dmp

Filesize
30.7MB

Download