Analysis

  • max time kernel
    172s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-10-2023 02:06

General

  • Target

    wiperpayload.exe

  • Size

    22.7MB

  • MD5

    61118d3cf190d53b95f36272b7512f65

  • SHA1

    5b166d9e5027668ab1f707fe142320292a815523

  • SHA256

    0b53edab42806eef4da3e3a0276ee9c296fc67cc4797ff806ce371e78270c401

  • SHA512

    ecf60cf6aad81cae27427f67019f795c467e2f9dd152a3424f5b98a179e29f089c7a7032b2742454e6ab52a0031a4732a48e667890e090b3e30dc9dc155aa55c

  • SSDEEP

    393216:VvUWv/HL2Vmo2WtYjUaNRDHvcrwhvr+bUn2KekLTH6mp/WViHW0Gzajaq3+d9Xg:RUYyVmVfjrRj0r6+bUno0fcElOd9XgWU

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\README.txt

Family

demonware

Ransom Note
Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo
URLs

https://keys.zeznzo.nl

Signatures

  • DemonWare

    Ransomware first seen in mid-2020.

  • Loads dropped DLL 17 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wiperpayload.exe
    "C:\Users\Admin\AppData\Local\Temp\wiperpayload.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Users\Admin\AppData\Local\Temp\wiperpayload.exe
      "C:\Users\Admin\AppData\Local\Temp\wiperpayload.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4088
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:648

    Downloads
