9020f10d485c638a686cd6373ec581d0c58acdd7c9bd8e60ef62ab62f09adbce

Analysis

max time kernel
94s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2023 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

15.3MB
MD5

3420067dd629d73f8675b63722043d3c
SHA1

42c49c1fb1ef685bf1ac21bc5eda7bbe2645c1c2
SHA256

9020f10d485c638a686cd6373ec581d0c58acdd7c9bd8e60ef62ab62f09adbce
SHA512

0634cf5fcbaf680108b9713cfee06b85f7a2d62ef52317565cf09b289d6d6dfde1862520e32086ed0ccc387c3277901bfba15a97212be57ce2f44c5f481ee1e4
SSDEEP

393216:wu7L/Z+y0LLNh74hCm9c5hlE1/m3pCdPN85Wa3QuWqVU/Px7t4Q:wCLB+bPjsMiEh+KCX3a3QuLm/Y

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 34 IoCs

pid	Process
4504	xxstrings.exe
4172	xxstrings.exe
3248	xxstrings.exe
4336	PI.exe
1564	PI.exe
3896	PI.exe
3448	PI.exe
3764	PI.exe
1432	PI.exe
3632	PI.exe
2892	PI.exe
3760	PI.exe
496	PI.exe
2196	PI.exe
4148	PI.exe
1420	PI.exe
1932	PI.exe
3892	PI.exe
1448	PI.exe
228	PI.exe
3096	PI.exe
4968	PI.exe
1160	PI.exe
3816	PI.exe
3268	PI.exe
1756	PI.exe
4592	PI.exe
4840	PI.exe
1636	PI.exe
4724	PI.exe
5048	PI.exe
4688	PI.exe
4044	PI.exe
1996	PI.exe

Loads dropped DLL 59 IoCs

pid	Process
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
4504	xxstrings.exe
4504	xxstrings.exe
4504	xxstrings.exe
4172	xxstrings.exe
4172	xxstrings.exe
4172	xxstrings.exe
3248	xxstrings.exe
3248	xxstrings.exe
3248	xxstrings.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
29	ifconfig.me
32	ifconfig.me
28	ifconfig.me

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe
928	main.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
928	main.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 35	928	main.exe
Token: SeDebugPrivilege	928	main.exe
Token: SeIncreaseQuotaPrivilege	1064	WMIC.exe
Token: SeSecurityPrivilege	1064	WMIC.exe
Token: SeTakeOwnershipPrivilege	1064	WMIC.exe
Token: SeLoadDriverPrivilege	1064	WMIC.exe
Token: SeSystemProfilePrivilege	1064	WMIC.exe
Token: SeSystemtimePrivilege	1064	WMIC.exe
Token: SeProfSingleProcessPrivilege	1064	WMIC.exe
Token: SeIncBasePriorityPrivilege	1064	WMIC.exe
Token: SeCreatePagefilePrivilege	1064	WMIC.exe
Token: SeBackupPrivilege	1064	WMIC.exe
Token: SeRestorePrivilege	1064	WMIC.exe
Token: SeShutdownPrivilege	1064	WMIC.exe
Token: SeDebugPrivilege	1064	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1064	WMIC.exe
Token: SeRemoteShutdownPrivilege	1064	WMIC.exe
Token: SeUndockPrivilege	1064	WMIC.exe
Token: SeManageVolumePrivilege	1064	WMIC.exe
Token: 33	1064	WMIC.exe
Token: 34	1064	WMIC.exe
Token: 35	1064	WMIC.exe
Token: 36	1064	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1064	WMIC.exe
Token: SeSecurityPrivilege	1064	WMIC.exe
Token: SeTakeOwnershipPrivilege	1064	WMIC.exe
Token: SeLoadDriverPrivilege	1064	WMIC.exe
Token: SeSystemProfilePrivilege	1064	WMIC.exe
Token: SeSystemtimePrivilege	1064	WMIC.exe
Token: SeProfSingleProcessPrivilege	1064	WMIC.exe
Token: SeIncBasePriorityPrivilege	1064	WMIC.exe
Token: SeCreatePagefilePrivilege	1064	WMIC.exe
Token: SeBackupPrivilege	1064	WMIC.exe
Token: SeRestorePrivilege	1064	WMIC.exe
Token: SeShutdownPrivilege	1064	WMIC.exe
Token: SeDebugPrivilege	1064	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1064	WMIC.exe
Token: SeRemoteShutdownPrivilege	1064	WMIC.exe
Token: SeUndockPrivilege	1064	WMIC.exe
Token: SeManageVolumePrivilege	1064	WMIC.exe
Token: 33	1064	WMIC.exe
Token: 34	1064	WMIC.exe
Token: 35	1064	WMIC.exe
Token: 36	1064	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4504	xxstrings.exe
Token: SeSecurityPrivilege	4504	xxstrings.exe
Token: SeTakeOwnershipPrivilege	4504	xxstrings.exe
Token: SeLoadDriverPrivilege	4504	xxstrings.exe
Token: SeSystemProfilePrivilege	4504	xxstrings.exe
Token: SeSystemtimePrivilege	4504	xxstrings.exe
Token: SeProfSingleProcessPrivilege	4504	xxstrings.exe
Token: SeIncBasePriorityPrivilege	4504	xxstrings.exe
Token: SeCreatePagefilePrivilege	4504	xxstrings.exe
Token: SeBackupPrivilege	4504	xxstrings.exe
Token: SeRestorePrivilege	4504	xxstrings.exe
Token: SeShutdownPrivilege	4504	xxstrings.exe
Token: SeDebugPrivilege	4504	xxstrings.exe
Token: SeSystemEnvironmentPrivilege	4504	xxstrings.exe
Token: SeChangeNotifyPrivilege	4504	xxstrings.exe
Token: SeRemoteShutdownPrivilege	4504	xxstrings.exe
Token: SeUndockPrivilege	4504	xxstrings.exe
Token: SeManageVolumePrivilege	4504	xxstrings.exe
Token: SeImpersonatePrivilege	4504	xxstrings.exe
Token: SeCreateGlobalPrivilege	4504	xxstrings.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
928	main.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3152 wrote to memory of 928	3152	main.exe	83
PID 3152 wrote to memory of 928	3152	main.exe	83
PID 928 wrote to memory of 1996	928	main.exe	84
PID 928 wrote to memory of 1996	928	main.exe	84
PID 1996 wrote to memory of 1064	1996	cmd.exe	86
PID 1996 wrote to memory of 1064	1996	cmd.exe	86
PID 928 wrote to memory of 4100	928	main.exe	95
PID 928 wrote to memory of 4100	928	main.exe	95
PID 4100 wrote to memory of 4504	4100	cmd.exe	97
PID 4100 wrote to memory of 4504	4100	cmd.exe	97
PID 928 wrote to memory of 4912	928	main.exe	98
PID 928 wrote to memory of 4912	928	main.exe	98
PID 4912 wrote to memory of 4172	4912	cmd.exe	100
PID 4912 wrote to memory of 4172	4912	cmd.exe	100
PID 928 wrote to memory of 4696	928	main.exe	101
PID 928 wrote to memory of 4696	928	main.exe	101
PID 4696 wrote to memory of 3248	4696	cmd.exe	103
PID 4696 wrote to memory of 3248	4696	cmd.exe	103
PID 928 wrote to memory of 2576	928	main.exe	104
PID 928 wrote to memory of 2576	928	main.exe	104
PID 2576 wrote to memory of 4336	2576	cmd.exe	106
PID 2576 wrote to memory of 4336	2576	cmd.exe	106
PID 928 wrote to memory of 1756	928	main.exe	107
PID 928 wrote to memory of 1756	928	main.exe	107
PID 1756 wrote to memory of 1564	1756	cmd.exe	109
PID 1756 wrote to memory of 1564	1756	cmd.exe	109
PID 928 wrote to memory of 996	928	main.exe	110
PID 928 wrote to memory of 996	928	main.exe	110
PID 996 wrote to memory of 3896	996	cmd.exe	112
PID 996 wrote to memory of 3896	996	cmd.exe	112
PID 928 wrote to memory of 3596	928	main.exe	113
PID 928 wrote to memory of 3596	928	main.exe	113
PID 3596 wrote to memory of 3448	3596	cmd.exe	115
PID 3596 wrote to memory of 3448	3596	cmd.exe	115
PID 928 wrote to memory of 3936	928	main.exe	116
PID 928 wrote to memory of 3936	928	main.exe	116
PID 3936 wrote to memory of 3764	3936	cmd.exe	118
PID 3936 wrote to memory of 3764	3936	cmd.exe	118
PID 928 wrote to memory of 3492	928	main.exe	119
PID 928 wrote to memory of 3492	928	main.exe	119
PID 3492 wrote to memory of 1432	3492	cmd.exe	121
PID 3492 wrote to memory of 1432	3492	cmd.exe	121
PID 928 wrote to memory of 3824	928	main.exe	122
PID 928 wrote to memory of 3824	928	main.exe	122
PID 3824 wrote to memory of 3632	3824	cmd.exe	124
PID 3824 wrote to memory of 3632	3824	cmd.exe	124
PID 928 wrote to memory of 1396	928	main.exe	125
PID 928 wrote to memory of 1396	928	main.exe	125
PID 1396 wrote to memory of 2892	1396	cmd.exe	127
PID 1396 wrote to memory of 2892	1396	cmd.exe	127
PID 928 wrote to memory of 3924	928	main.exe	128
PID 928 wrote to memory of 3924	928	main.exe	128
PID 3924 wrote to memory of 3760	3924	cmd.exe	130
PID 3924 wrote to memory of 3760	3924	cmd.exe	130
PID 928 wrote to memory of 3680	928	main.exe	131
PID 928 wrote to memory of 3680	928	main.exe	131
PID 3680 wrote to memory of 496	3680	cmd.exe	133
PID 3680 wrote to memory of 496	3680	cmd.exe	133
PID 928 wrote to memory of 824	928	main.exe	134
PID 928 wrote to memory of 824	928	main.exe	134
PID 824 wrote to memory of 2196	824	cmd.exe	136
PID 824 wrote to memory of 2196	824	cmd.exe	136
PID 928 wrote to memory of 1628	928	main.exe	137
PID 928 wrote to memory of 1628	928	main.exe	137

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3152
- C:\Users\Admin\AppData\Local\Temp\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1996
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe -p 1908 -l 8"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe -p 1908 -l 8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe -p None -l 8"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe -p None -l 8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe -p None -l 8"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\xxstrings.exe -p None -l 8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe"
      4⤵
      Executes dropped EXE
      PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe"
      4⤵
      Executes dropped EXE
      PID:1564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"
      4⤵
      Executes dropped EXE
      PID:3896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe"
      4⤵
      Executes dropped EXE
      PID:3448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\shutdown.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\shutdown.exe"
      4⤵
      Executes dropped EXE
      PID:3764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\odt\office2016setup.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\odt\office2016setup.exe"
      4⤵
      Executes dropped EXE
      PID:1432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Microsoft Office\root\Office16\WINWORD.EXE""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
      4⤵
      Executes dropped EXE
      PID:3632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Internet Explorer\iexplore.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Executes dropped EXE
      PID:2892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
      4⤵
      Executes dropped EXE
      PID:3760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\cmd.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\cmd.exe"
      4⤵
      Executes dropped EXE
      PID:496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
      4⤵
      Executes dropped EXE
      PID:2196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "LangID""
    3⤵
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "LangID"
      4⤵
      Executes dropped EXE
      PID:4148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Program Files\Microsoft Office\root\Office16\Winword.exe""
    3⤵
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Program Files\Microsoft Office\root\Office16\Winword.exe"
      4⤵
      Executes dropped EXE
      PID:1420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\Dism.exe""
    3⤵
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\Dism.exe"
      4⤵
      Executes dropped EXE
      PID:1932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\ipconfig.exe""
    3⤵
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\ipconfig.exe"
      4⤵
      Executes dropped EXE
      PID:3892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013_1\FileSyncConfig.exe""
    3⤵
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\19.043.0304.0013_1\FileSyncConfig.exe"
      4⤵
      Executes dropped EXE
      PID:1448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE""
    3⤵
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
      4⤵
      Executes dropped EXE
      PID:228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Program Files\Internet Explorer\iexplore.exe""
    3⤵
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Executes dropped EXE
      PID:3096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\main.exe""
    3⤵
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\main.exe"
      4⤵
      Executes dropped EXE
      PID:4968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe""
    3⤵
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
      4⤵
      Executes dropped EXE
      PID:1160
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe""
    3⤵
    PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe"
      4⤵
      Executes dropped EXE
      PID:3816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\WindowsPowerShell\v1.0\powershell.exe""
    3⤵
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
      4⤵
      Executes dropped EXE
      PID:3268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\SysWOW64\msiexec.exe""
    3⤵
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\SysWOW64\msiexec.exe"
      4⤵
      Executes dropped EXE
      PID:1756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\oobe\FirstLogonAnim.exe""
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\oobe\FirstLogonAnim.exe"
      4⤵
      Executes dropped EXE
      PID:4592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\wbem\WMIC.exe""
    3⤵
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\wbem\WMIC.exe"
      4⤵
      Executes dropped EXE
      PID:4840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Mozilla Firefox\firefox.exe""
    3⤵
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Executes dropped EXE
      PID:1636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\wlrmdr.exe""
    3⤵
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\wlrmdr.exe"
      4⤵
      Executes dropped EXE
      PID:4724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe""
    3⤵
    PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
      4⤵
      Executes dropped EXE
      PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\explorer.exe""
    3⤵
    PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\explorer.exe"
      4⤵
      Executes dropped EXE
      PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\certutil.exe""
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\System32\certutil.exe"
      4⤵
      Executes dropped EXE
      PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe""
    3⤵
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI31522\PI.exe "\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"
      4⤵
      Executes dropped EXE
      PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI31522\MSVCP140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\MSVCP140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\VCRUNTIME140.dll

Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\VCRUNTIME140.dll

Filesize
85KB

MD5
89a24c66e7a522f1e0016b1d0b4316dc

SHA1
5340dd64cfe26e3d5f68f7ed344c4fd96fbd0d42

SHA256
3096cafb6a21b6d28cf4fe2dd85814f599412c0fe1ef090dd08d1c03affe9ab6

SHA512
e88e0459744a950829cd508a93e2ef0061293ab32facd9d8951686cbe271b34460efd159fd8ec4aa96ff8a629741006458b166e5cff21f35d049ad059bc56a1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_bz2.pyd

Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_bz2.pyd

Filesize
92KB

MD5
cf77513525fc652bad6c7f85e192e94b

SHA1
23ec3bb9cdc356500ec192cac16906864d5e9a81

SHA256
8bce02e8d44003c5301608b1722f7e26aada2a03d731fa92a48c124db40e2e41

SHA512
dbc1ba8794ce2d027145c78b7e1fc842ffbabb090abf9c29044657bdecd44396014b4f7c2b896de18aad6cfa113a4841a9ca567e501a6247832b205fe39584a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_cffi_backend.cp37-win_amd64.pyd

Filesize
177KB

MD5
daccb97b9214bb1366ed40ad583679a2

SHA1
89554e638b62be5f388c9bdd35d9daf53a240e0c

SHA256
b714423d9cad42e67937531f2634001a870f8be2bf413eacfc9f73ef391a7915

SHA512
99fd5c80372d878f722e4bcb1b8c8c737600961d3a9dffc3e8277e024aaac8648c64825820e20da1ab9ad9180501218c6d796af1905d8845d41c6dbb4c6ebab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_cffi_backend.cp37-win_amd64.pyd

Filesize
177KB

MD5
daccb97b9214bb1366ed40ad583679a2

SHA1
89554e638b62be5f388c9bdd35d9daf53a240e0c

SHA256
b714423d9cad42e67937531f2634001a870f8be2bf413eacfc9f73ef391a7915

SHA512
99fd5c80372d878f722e4bcb1b8c8c737600961d3a9dffc3e8277e024aaac8648c64825820e20da1ab9ad9180501218c6d796af1905d8845d41c6dbb4c6ebab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_ctypes.pyd

Filesize
129KB

MD5
5e869eebb6169ce66225eb6725d5be4a

SHA1
747887da0d7ab152e1d54608c430e78192d5a788

SHA256
430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

SHA512
feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_ctypes.pyd

Filesize
129KB

MD5
5e869eebb6169ce66225eb6725d5be4a

SHA1
747887da0d7ab152e1d54608c430e78192d5a788

SHA256
430f1886caf059f05cde6eb2e8d96feb25982749a151231e471e4b8d7f54f173

SHA512
feb6888bb61e271b1670317435ee8653dedd559263788fbf9a7766bc952defd7a43e7c3d9f539673c262abedd97b0c4dd707f0f5339b1c1570db4e25da804a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_decimal.pyd

Filesize
261KB

MD5
75a0542682d8f534f4a1ba48eb32218f

SHA1
a9b878f45b575a0502003ebcfe3d6eb9ac7dd126

SHA256
5767525d2cdd2a89de97a11784ec0769c30935302c135f087b09894f8865be8b

SHA512
4682b8e4a81f7effc89d580dca10ccfccebe562c2745626833cd5818de9753c3a1e064a47c7ddc4676b6e1c7071c484156fabe98e423e625bb5d2c2b843c33de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_decimal.pyd

Filesize
261KB

MD5
75a0542682d8f534f4a1ba48eb32218f

SHA1
a9b878f45b575a0502003ebcfe3d6eb9ac7dd126

SHA256
5767525d2cdd2a89de97a11784ec0769c30935302c135f087b09894f8865be8b

SHA512
4682b8e4a81f7effc89d580dca10ccfccebe562c2745626833cd5818de9753c3a1e064a47c7ddc4676b6e1c7071c484156fabe98e423e625bb5d2c2b843c33de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_hashlib.pyd

Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_hashlib.pyd

Filesize
38KB

MD5
b32cb9615a9bada55e8f20dcea2fbf48

SHA1
a9c6e2d44b07b31c898a6d83b7093bf90915062d

SHA256
ca4f433a68c3921526f31f46d8a45709b946bbd40f04a4cfc6c245cb9ee0eab5

SHA512
5c583292de2ba33a3fc1129dfb4e2429ff2a30eeaf9c0bcff6cca487921f0ca02c3002b24353832504c3eec96a7b2c507f455b18717bcd11b239bbbbd79fadbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_lzma.pyd

Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_lzma.pyd

Filesize
172KB

MD5
5fbb728a3b3abbdd830033586183a206

SHA1
066fde2fa80485c4f22e0552a4d433584d672a54

SHA256
f9bc6036d9e4d57d08848418367743fb608434c04434ab07da9dabe4725f9a9b

SHA512
31e7c9fe9d8680378f8e3ea4473461ba830df2d80a3e24e5d02a106128d048430e5d5558c0b99ec51c3d1892c76e4baa14d63d1ec1fc6b1728858aa2a255b2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_queue.pyd

Filesize
27KB

MD5
c0a70188685e44e73576e3cd63fc1f68

SHA1
36f88ca5c1dda929b932d656368515e851aeb175

SHA256
e499824d58570c3130ba8ef1ac2d503e71f916c634b2708cc22e95c223f83d0a

SHA512
b9168bf1b98da4a9dfd7b1b040e1214fd69e8dfc2019774890291703ab48075c791cc27af5d735220bd25c47643f098820563dc537748471765aff164b00a4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_queue.pyd

Filesize
27KB

MD5
c0a70188685e44e73576e3cd63fc1f68

SHA1
36f88ca5c1dda929b932d656368515e851aeb175

SHA256
e499824d58570c3130ba8ef1ac2d503e71f916c634b2708cc22e95c223f83d0a

SHA512
b9168bf1b98da4a9dfd7b1b040e1214fd69e8dfc2019774890291703ab48075c791cc27af5d735220bd25c47643f098820563dc537748471765aff164b00a4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_socket.pyd

Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_socket.pyd

Filesize
75KB

MD5
8ea18d0eeae9044c278d2ea7a1dbae36

SHA1
de210842da8cb1cb14318789575d65117d14e728

SHA256
9822c258a9d25062e51eafc45d62ed19722e0450a212668f6737eb3bfe3a41c2

SHA512
d275ce71d422cfaacef1220dc1f35afba14b38a205623e3652766db11621b2a1d80c5d0fb0a7df19402ebe48603e76b8f8852f6cbff95a181d33e797476029f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_ssl.pyd

Filesize
118KB

MD5
5a393bb4f3ae499541356e57a766eb6a

SHA1
908f68f4ea1a754fd31edb662332cf0df238cf9a

SHA256
b6593b3af0e993fd5043a7eab327409f4bf8cdcd8336aca97dbe6325aefdb047

SHA512
958584fd4efaa5dd301cbcecbfc8927f9d2caec9e2826b2af9257c5eefb4b0b81dbbadbd3c1d867f56705c854284666f98d428dc2377ccc49f8e1f9bbbed158f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\_ssl.pyd

Filesize
118KB

MD5
5a393bb4f3ae499541356e57a766eb6a

SHA1
908f68f4ea1a754fd31edb662332cf0df238cf9a

SHA256
b6593b3af0e993fd5043a7eab327409f4bf8cdcd8336aca97dbe6325aefdb047

SHA512
958584fd4efaa5dd301cbcecbfc8927f9d2caec9e2826b2af9257c5eefb4b0b81dbbadbd3c1d867f56705c854284666f98d428dc2377ccc49f8e1f9bbbed158f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\base_library.zip

Filesize
1000KB

MD5
90c0898cd529e19ba0c800d0e1f42a2a

SHA1
35882c9e2519be24ad4625031c942722946e791e

SHA256
980eab75d2e03b71fa4327da3a3126ad6980ff60a5cf9ad2b96ce06ad15ae3bd

SHA512
3527929f185b4a044d925c8cca0fc028d470c48756623762722bce483f9b9541d073bee69529c5b4c7b0b9e3b81307fa3afd0a7a4d9df60f93c66b85af6cce46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\dearpygui\VCRUNTIME140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\dearpygui\VCRUNTIME140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\dearpygui\VCRUNTIME140_1.dll

Filesize
35KB

MD5
ab03551e4ef279abed2d8c4b25f35bb8

SHA1
09bc7e4e1a8d79ee23c0c9c26b1ea39de12a550e

SHA256
f8bc270449ca6bb6345e88be3632d465c0a7595197c7954357dc5066ed50ae44

SHA512
0e7533b8d7e5019ffd1e73937c1627213711725e88c6d7321588f7fffe9e1b4ef5c38311548adbd2c0ee9b407135646593bf1498cbee92275f4e0a22ace78909

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\dearpygui\_dearpygui.pyd

Filesize
3.7MB

MD5
3abb7c22f0a02351acaaa60f8fdd98f1

SHA1
e2ffcbe7b106541a2b1e733babe33e0847aa6dc5

SHA256
6969ec05f2f98dc019f2a0d176e3081221a1e82acc370b6dac2c866a79e32837

SHA512
b6aac5d9459503868a2eac166f72400344c63bcfc9767a659ad1e075cfcbd12725551a72a91937cac088e3d6c7059f28955a5dbe0506bd50343253455ec54d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\dearpygui\_dearpygui.pyd

Filesize
3.7MB

MD5
3abb7c22f0a02351acaaa60f8fdd98f1

SHA1
e2ffcbe7b106541a2b1e733babe33e0847aa6dc5

SHA256
6969ec05f2f98dc019f2a0d176e3081221a1e82acc370b6dac2c866a79e32837

SHA512
b6aac5d9459503868a2eac166f72400344c63bcfc9767a659ad1e075cfcbd12725551a72a91937cac088e3d6c7059f28955a5dbe0506bd50343253455ec54d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\libcrypto-1_1.dll

Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\libcrypto-1_1.dll

Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\libssl-1_1.dll

Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\libssl-1_1.dll

Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\pyexpat.pyd

Filesize
198KB

MD5
6500aa010c8b50ffd1544f08af03fa4f

SHA1
a03f9f70d4ecc565f0fae26ef690d63e3711a20a

SHA256
752cf6804aac09480bf1e839a26285ec2668405010ed7ffd2021596e49b94dec

SHA512
f5f0521039c816408a5dd8b7394f9db5250e6dc14c0328898f1bed5de1e8a26338a678896f20aafa13c56b903b787f274d3dec467808787d00c74350863175d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\pyexpat.pyd

Filesize
198KB

MD5
6500aa010c8b50ffd1544f08af03fa4f

SHA1
a03f9f70d4ecc565f0fae26ef690d63e3711a20a

SHA256
752cf6804aac09480bf1e839a26285ec2668405010ed7ffd2021596e49b94dec

SHA512
f5f0521039c816408a5dd8b7394f9db5250e6dc14c0328898f1bed5de1e8a26338a678896f20aafa13c56b903b787f274d3dec467808787d00c74350863175d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\python3.DLL

Filesize
57KB

MD5
274853e19235d411a751a750c54b9893

SHA1
97bd15688b549cd5dbf49597af508c72679385af

SHA256
d21eb0fd1b2883e9e0b736b43cbbef9dfa89e31fee4d32af9ad52c3f0484987b

SHA512
580fa23cbe71ae4970a608c8d1ab88fe3f7562ed18398c73b14d5a3e008ea77df3e38abf97c12512786391ee403f675a219fbf5afe5c8cea004941b1d1d02a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\python3.dll

Filesize
57KB

MD5
274853e19235d411a751a750c54b9893

SHA1
97bd15688b549cd5dbf49597af508c72679385af

SHA256
d21eb0fd1b2883e9e0b736b43cbbef9dfa89e31fee4d32af9ad52c3f0484987b

SHA512
580fa23cbe71ae4970a608c8d1ab88fe3f7562ed18398c73b14d5a3e008ea77df3e38abf97c12512786391ee403f675a219fbf5afe5c8cea004941b1d1d02a48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\python37.dll

Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\python37.dll

Filesize
3.6MB

MD5
c4709f84e6cf6e082b80c80b87abe551

SHA1
c0c55b229722f7f2010d34e26857df640182f796

SHA256
ca8e39f2b1d277b0a24a43b5b8eada5baf2de97488f7ef2484014df6e270b3f3

SHA512
e04a5832b9f2e1e53ba096e011367d46e6710389967fa7014a0e2d4a6ce6fc8d09d0ce20cee7e7d67d5057d37854eddab48bef7df1767f2ec3a4ab91475b7ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\pywin32_system32\pythoncom37.dll

Filesize
680KB

MD5
53cf89c12cd651b824bf19ea86822b7e

SHA1
da16db3464f268c202670d0b379c24e3cf8a886a

SHA256
1dd7f1beb75529a090e8157bac0cac3c55ed49579b48d8bcab6fc756931662fb

SHA512
3ad7c7c6ba790ae4f5eef055a4af1611b5b02331abe64a4923c699cafdeafd28da307d67d3a77ea2284f6824ed04300aa46a2e7f95d8a11acebc3a8d181d4e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\pywin32_system32\pythoncom37.dll

Filesize
680KB

MD5
53cf89c12cd651b824bf19ea86822b7e

SHA1
da16db3464f268c202670d0b379c24e3cf8a886a

SHA256
1dd7f1beb75529a090e8157bac0cac3c55ed49579b48d8bcab6fc756931662fb

SHA512
3ad7c7c6ba790ae4f5eef055a4af1611b5b02331abe64a4923c699cafdeafd28da307d67d3a77ea2284f6824ed04300aa46a2e7f95d8a11acebc3a8d181d4e92

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\pywin32_system32\pywintypes37.dll

Filesize
133KB

MD5
f9d8093503c0eb02a2d30db794dbaa81

SHA1
d11ac482caef0a4f3b008644e34b5c962c69a3af

SHA256
47cfa248363c3e5e3c2fcd847bd73435890bac14c3403f2841fd5e138f936869

SHA512
c4ce86cecef6e2b3785f076667381f3e8e4b7d9e6e7c9e48d2fedde83670df61c51bdd852c3fadc826bee6025d9c22a1cd2f1ba255a7123047ac11e2ed262fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\pywin32_system32\pywintypes37.dll

Filesize
133KB

MD5
f9d8093503c0eb02a2d30db794dbaa81

SHA1
d11ac482caef0a4f3b008644e34b5c962c69a3af

SHA256
47cfa248363c3e5e3c2fcd847bd73435890bac14c3403f2841fd5e138f936869

SHA512
c4ce86cecef6e2b3785f076667381f3e8e4b7d9e6e7c9e48d2fedde83670df61c51bdd852c3fadc826bee6025d9c22a1cd2f1ba255a7123047ac11e2ed262fdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\select.pyd

Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\select.pyd

Filesize
26KB

MD5
fb4a0d7abaeaa76676846ad0f08fefa5

SHA1
755fd998215511506edd2c5c52807b46ca9393b2

SHA256
65a3c8806d456e9df2211051ed808a087a96c94d38e23d43121ac120b4d36429

SHA512
f5b3557f823ee4c662f2c9b7ecc5497934712e046aa8ae8e625f41756beb5e524227355316f9145bfabb89b0f6f93a1f37fa94751a66c344c38ce449e879d35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\simplejson\_speedups.cp37-win_amd64.pyd

Filesize
39KB

MD5
de7f0d2c97ca560231eb6d9dede80fc0

SHA1
918949852317cc041563b6dc85904debb10d5ae2

SHA256
e501b3ee4ec6383f8fe245e1881f4e38c97169085a0fb098a35f048e3d0d8d72

SHA512
3160d7b501da1f1b60aa73ee3cabe4b1b86b4e0bb070a755c0b65817f667ed4ce13aa0180955aed0be75d5cc8169cbf00a2723bc7c833c66338d17ac318e6f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\simplejson\_speedups.cp37-win_amd64.pyd

Filesize
39KB

MD5
de7f0d2c97ca560231eb6d9dede80fc0

SHA1
918949852317cc041563b6dc85904debb10d5ae2

SHA256
e501b3ee4ec6383f8fe245e1881f4e38c97169085a0fb098a35f048e3d0d8d72

SHA512
3160d7b501da1f1b60aa73ee3cabe4b1b86b4e0bb070a755c0b65817f667ed4ce13aa0180955aed0be75d5cc8169cbf00a2723bc7c833c66338d17ac318e6f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\tinyaes.cp37-win_amd64.pyd

Filesize
32KB

MD5
af7fff77c4e4fd2365b8315c4f5f7193

SHA1
cf070ad539c543e5a02ada7f48cb48c9c9af0e40

SHA256
e8d645671929b9b63288ef1668725a3e91da6c548904ad42e6f13a2fe46cd1cc

SHA512
0dbc9c703ebfafb9d6bfe4793f7ffa366c573846e8f1e1383e9d03812fd64a6ebb0e8af01f34ad956b14a6222e18c617672eabe2f3265d31851d2c53fedc8402

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\tinyaes.cp37-win_amd64.pyd

Filesize
32KB

MD5
af7fff77c4e4fd2365b8315c4f5f7193

SHA1
cf070ad539c543e5a02ada7f48cb48c9c9af0e40

SHA256
e8d645671929b9b63288ef1668725a3e91da6c548904ad42e6f13a2fe46cd1cc

SHA512
0dbc9c703ebfafb9d6bfe4793f7ffa366c573846e8f1e1383e9d03812fd64a6ebb0e8af01f34ad956b14a6222e18c617672eabe2f3265d31851d2c53fedc8402

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\ucrtbase.dll

Filesize
1011KB

MD5
849959a003fa63c5a42ae87929fcd18b

SHA1
d1b80b3265e31a2b5d8d7da6183146bbd5fb791b

SHA256
6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232

SHA512
64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\ucrtbase.dll

Filesize
1011KB

MD5
849959a003fa63c5a42ae87929fcd18b

SHA1
d1b80b3265e31a2b5d8d7da6183146bbd5fb791b

SHA256
6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232

SHA512
64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\unicodedata.pyd

Filesize
1.0MB

MD5
4d3d8e16e98558ff9dac8fc7061e2759

SHA1
c918ab67b580f955b6361f9900930da38cec7c91

SHA256
016d962782beae0ea8417a17e67956b27610f4565cff71dd35a6e52ab187c095

SHA512
0dfabfad969da806bc9c6c664cdf31647d89951832ff7e4e5eeed81f1de9263ed71bddeff76ebb8e47d6248ad4f832cb8ad456f11e401c3481674bd60283991a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\unicodedata.pyd

Filesize
1.0MB

MD5
4d3d8e16e98558ff9dac8fc7061e2759

SHA1
c918ab67b580f955b6361f9900930da38cec7c91

SHA256
016d962782beae0ea8417a17e67956b27610f4565cff71dd35a6e52ab187c095

SHA512
0dfabfad969da806bc9c6c664cdf31647d89951832ff7e4e5eeed81f1de9263ed71bddeff76ebb8e47d6248ad4f832cb8ad456f11e401c3481674bd60283991a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32api.pyd

Filesize
136KB

MD5
ba792c828797ab1b1ec5062b12872540

SHA1
15745e8c75c7d46a08a2efc301c6d6f95d3676e9

SHA256
e86a8623f4532645419bd753baf239c77198a51c0663d5441ad6e8b56093f530

SHA512
0e5f02a25789d47a686a18186fd6811e1cecbbc3104b0b3135eea5cc99240c59a3c24a760f8fe77bca8bffa2b4b1e0c305c5f73a28af4f84772a67db00544b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32api.pyd

Filesize
136KB

MD5
ba792c828797ab1b1ec5062b12872540

SHA1
15745e8c75c7d46a08a2efc301c6d6f95d3676e9

SHA256
e86a8623f4532645419bd753baf239c77198a51c0663d5441ad6e8b56093f530

SHA512
0e5f02a25789d47a686a18186fd6811e1cecbbc3104b0b3135eea5cc99240c59a3c24a760f8fe77bca8bffa2b4b1e0c305c5f73a28af4f84772a67db00544b82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32gui.pyd

Filesize
237KB

MD5
dc365814f995d8c94de8539124f50e36

SHA1
38c66112e1c532c2e83debd2d2e9a9caaaa73b7d

SHA256
2d695765418db5cde334b9e36658a44408f165c93c6777ec2eca58e4a58fb288

SHA512
1ed50823c129d35cd3ac3aa2e3041f10c9fba2b34fc84763e631fd7874707aa0693371ad98a3da1105a71d6c0aa9279dd10bade44ffa093bc0dd1f44fce667df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32gui.pyd

Filesize
237KB

MD5
dc365814f995d8c94de8539124f50e36

SHA1
38c66112e1c532c2e83debd2d2e9a9caaaa73b7d

SHA256
2d695765418db5cde334b9e36658a44408f165c93c6777ec2eca58e4a58fb288

SHA512
1ed50823c129d35cd3ac3aa2e3041f10c9fba2b34fc84763e631fd7874707aa0693371ad98a3da1105a71d6c0aa9279dd10bade44ffa093bc0dd1f44fce667df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32process.pyd

Filesize
55KB

MD5
9db36c87d3805fe3c4acb11ee326ef02

SHA1
2fcc0ed16e7db6cb1819cd4c11b4bd970138805f

SHA256
35d090bdd9edabb5f0955882055b2fe18c8f9c06a1bba45f688df17ec19d28c7

SHA512
6f578b19c42416508adc99d82872a3956d672b7e25abc35c303276b5933f0cd65f49f7af7eb6c3322f4fd04260b37a8d052fe14a87128917cd14f7b05ddba402

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32process.pyd

Filesize
55KB

MD5
9db36c87d3805fe3c4acb11ee326ef02

SHA1
2fcc0ed16e7db6cb1819cd4c11b4bd970138805f

SHA256
35d090bdd9edabb5f0955882055b2fe18c8f9c06a1bba45f688df17ec19d28c7

SHA512
6f578b19c42416508adc99d82872a3956d672b7e25abc35c303276b5933f0cd65f49f7af7eb6c3322f4fd04260b37a8d052fe14a87128917cd14f7b05ddba402

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32security.pyd

Filesize
144KB

MD5
f83babb1b7588d1c75a35027b66d1823

SHA1
697fbda769c15d2a407b6b0b7cda287cd0024181

SHA256
896e5313eabe4f2d57753c573d2ed4ab9f65bec619c04e4169073310a8eca43c

SHA512
a25cd5e1fefe7ac31765789bd1b81ad56133aa6d225e4e34746649a1a96767738639da5a60aa26cfe7a2f801ee33a3bf77748be5192704965c539331e6c528a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32security.pyd

Filesize
144KB

MD5
f83babb1b7588d1c75a35027b66d1823

SHA1
697fbda769c15d2a407b6b0b7cda287cd0024181

SHA256
896e5313eabe4f2d57753c573d2ed4ab9f65bec619c04e4169073310a8eca43c

SHA512
a25cd5e1fefe7ac31765789bd1b81ad56133aa6d225e4e34746649a1a96767738639da5a60aa26cfe7a2f801ee33a3bf77748be5192704965c539331e6c528a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32service.pyd

Filesize
59KB

MD5
d376c3acf9bf13e4d35675b1c5957192

SHA1
476427be16c20989f5101c7c4048564000efb891

SHA256
fe3048dd45d1c0d21c0156935412b7c0f3e50e32443e56a6e42372d18e6e1f8f

SHA512
739cfa54a0a259cc553d5f5ff3504fb5e4181c740184b1dab97a5b0d83fe7528296cfeb9c4c1da2b657acf23e63a86dd32e11c7801e50ecae8252da7f3150505

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31522\win32service.pyd

Filesize
59KB

MD5
d376c3acf9bf13e4d35675b1c5957192

SHA1
476427be16c20989f5101c7c4048564000efb891

SHA256
fe3048dd45d1c0d21c0156935412b7c0f3e50e32443e56a6e42372d18e6e1f8f

SHA512
739cfa54a0a259cc553d5f5ff3504fb5e4181c740184b1dab97a5b0d83fe7528296cfeb9c4c1da2b657acf23e63a86dd32e11c7801e50ecae8252da7f3150505

Download Submit