amadey | 79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22/11/2023, 12:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

amd.exe
Size

437KB
MD5

625cb97439daa80940791f626bb4765c
SHA1

af462cf5435efceefcd6786f212e192403e80c4b
SHA256

79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71
SHA512

145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891
SSDEEP

12288:C+mHU45lKN78RhFkvULfYOmBpumeYDDtKf:Ce45lKh87zLwp7Kf

Score

10^/10

amadey persistence trojan

Malware Config

Extracted

Family

amadey

Version

4.12

http://bitcoinstorm.cc

http://blackgold.top

http://emancipation1866.top

Attributes

strings_key
550b275dd5aea0a3932bf7e10871e2c7
url_paths
/g9sdjScV2/index.php

/vdhe8ejs3/index.php

/ghndbncg3S/index.php

rc4.plain

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2144	Utsysc.exe
864	Utsysc.exe
1972	client.exe
1940	Utsysc.exe
2204	msvr32.exe
2008	runtimejavaw.exe

Loads dropped DLL 29 IoCs

pid	Process
1412	amd.exe
2144	Utsysc.exe
2144	Utsysc.exe
1972	client.exe
1972	client.exe
2204	msvr32.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe
2008	runtimejavaw.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Windows\CurrentVersion\Run\msvr32 = "C:\\Users\\Admin\\AppData\\Roaming\\.socket\\msvr32.exe"	reg.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	msvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2740	schtasks.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2204	msvr32.exe
2204	msvr32.exe
2204	msvr32.exe
2204	msvr32.exe
2204	msvr32.exe
2204	msvr32.exe
2204	msvr32.exe
2204	msvr32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2204	msvr32.exe
Token: SeShutdownPrivilege	2204	msvr32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1412	amd.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2144	1412	amd.exe	28
PID 1412 wrote to memory of 2144	1412	amd.exe	28
PID 1412 wrote to memory of 2144	1412	amd.exe	28
PID 1412 wrote to memory of 2144	1412	amd.exe	28
PID 2144 wrote to memory of 2740	2144	Utsysc.exe	29
PID 2144 wrote to memory of 2740	2144	Utsysc.exe	29
PID 2144 wrote to memory of 2740	2144	Utsysc.exe	29
PID 2144 wrote to memory of 2740	2144	Utsysc.exe	29
PID 2812 wrote to memory of 864	2812	taskeng.exe	35
PID 2812 wrote to memory of 864	2812	taskeng.exe	35
PID 2812 wrote to memory of 864	2812	taskeng.exe	35
PID 2812 wrote to memory of 864	2812	taskeng.exe	35
PID 2144 wrote to memory of 1972	2144	Utsysc.exe	36
PID 2144 wrote to memory of 1972	2144	Utsysc.exe	36
PID 2144 wrote to memory of 1972	2144	Utsysc.exe	36
PID 2144 wrote to memory of 1972	2144	Utsysc.exe	36
PID 2812 wrote to memory of 1940	2812	taskeng.exe	37
PID 2812 wrote to memory of 1940	2812	taskeng.exe	37
PID 2812 wrote to memory of 1940	2812	taskeng.exe	37
PID 2812 wrote to memory of 1940	2812	taskeng.exe	37
PID 1972 wrote to memory of 1920	1972	client.exe	38
PID 1972 wrote to memory of 1920	1972	client.exe	38
PID 1972 wrote to memory of 1920	1972	client.exe	38
PID 1972 wrote to memory of 1920	1972	client.exe	38
PID 1972 wrote to memory of 1364	1972	client.exe	40
PID 1972 wrote to memory of 1364	1972	client.exe	40
PID 1972 wrote to memory of 1364	1972	client.exe	40
PID 1972 wrote to memory of 1364	1972	client.exe	40
PID 1972 wrote to memory of 2204	1972	client.exe	42
PID 1972 wrote to memory of 2204	1972	client.exe	42
PID 1972 wrote to memory of 2204	1972	client.exe	42
PID 1972 wrote to memory of 2204	1972	client.exe	42
PID 2204 wrote to memory of 2008	2204	msvr32.exe	43
PID 2204 wrote to memory of 2008	2204	msvr32.exe	43
PID 2204 wrote to memory of 2008	2204	msvr32.exe	43
PID 2204 wrote to memory of 2008	2204	msvr32.exe	43

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1920	attrib.exe

C:\Users\Admin\AppData\Local\Temp\amd.exe
"C:\Users\Admin\AppData\Local\Temp\amd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe
  "C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\1000001001\client.exe
    "C:\Users\Admin\AppData\Local\Temp\1000001001\client.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1972
  - - C:\Windows\SysWOW64\attrib.exe
      "attrib" +h C:\Users\Admin\AppData\Roaming\.socket
      4⤵
      Views/modifies file attributes
      PID:1920
  - - C:\Windows\SysWOW64\reg.exe
      "reg.exe" add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v msvr32 /t REG_SZ /d C:\Users\Admin\AppData\Roaming\.socket\msvr32.exe /f
      4⤵
      Adds Run key to start application
      PID:1364
  - - C:\Users\Admin\AppData\Roaming\.socket\msvr32.exe
      "C:\Users\Admin\AppData\Roaming\.socket\msvr32.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:2204
    - - C:\Users\Admin\AppData\Roaming\.socket\jre\bin\runtimejavaw.exe
        
        "C:\Users\Admin\AppData\Roaming\.socket\jre\bin\runtimejavaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.socket\socket.jar"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2008

C:\Windows\system32\taskeng.exe
taskeng.exe {2437B7F9-07E6-4878-BDAC-85DCD9CADC68} S-1-5-21-2084844033-2744876406-2053742436-1000:GGPVHMXR\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe
  C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe
  C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe
  2⤵
  - Executes dropped EXE
  PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\084844033274

Filesize
70KB

MD5
769c143339ab9fdbb51d4db528e46469

SHA1
15d012bc290e0465b8d82f04fc367a7adac13046

SHA256
a061f906e47a77750799a6f895b675cc77ba4008c8c796544116f6034711e9f0

SHA512
7b0dfc89c5813544e8ea241ac48e898e653e4bce20955de4bef9c50222f0ebcacdbfc5f6b0aa66dd4192227d8e350fc64f12bcbce93150a8c8f03605bc71607d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000001001\client.exe

Filesize
93.4MB

MD5
64d802756e7231204531491c35a9d528

SHA1
74eb304b410b0279f014ff5986c5b87054a999c2

SHA256
5e7e84acd280cb92a764a84eaa078371d4df3f589ce935715ed671b75c7dacb7

SHA512
0afdfbd6b5ef1bff6af82d9b2558713cc31eca68e012085bd26f997f7a2fbdbcf43fa325d95691c5ad144c3dbf20a6e216764e7ee9002c8fec72176e1ea595da

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000001001\client.exe

Filesize
93.4MB

MD5
64d802756e7231204531491c35a9d528

SHA1
74eb304b410b0279f014ff5986c5b87054a999c2

SHA256
5e7e84acd280cb92a764a84eaa078371d4df3f589ce935715ed671b75c7dacb7

SHA512
0afdfbd6b5ef1bff6af82d9b2558713cc31eca68e012085bd26f997f7a2fbdbcf43fa325d95691c5ad144c3dbf20a6e216764e7ee9002c8fec72176e1ea595da

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000001001\client.exe

Filesize
93.4MB

MD5
64d802756e7231204531491c35a9d528

SHA1
74eb304b410b0279f014ff5986c5b87054a999c2

SHA256
5e7e84acd280cb92a764a84eaa078371d4df3f589ce935715ed671b75c7dacb7

SHA512
0afdfbd6b5ef1bff6af82d9b2558713cc31eca68e012085bd26f997f7a2fbdbcf43fa325d95691c5ad144c3dbf20a6e216764e7ee9002c8fec72176e1ea595da

Download Submit
C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe

Filesize
437KB

MD5
625cb97439daa80940791f626bb4765c

SHA1
af462cf5435efceefcd6786f212e192403e80c4b

SHA256
79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

SHA512
145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

Download Submit
C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe

Filesize
437KB

MD5
625cb97439daa80940791f626bb4765c

SHA1
af462cf5435efceefcd6786f212e192403e80c4b

SHA256
79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

SHA512
145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

Download Submit
C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe

Filesize
437KB

MD5
625cb97439daa80940791f626bb4765c

SHA1
af462cf5435efceefcd6786f212e192403e80c4b

SHA256
79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

SHA512
145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

Download Submit
C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe

Filesize
437KB

MD5
625cb97439daa80940791f626bb4765c

SHA1
af462cf5435efceefcd6786f212e192403e80c4b

SHA256
79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

SHA512
145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

Download Submit
C:\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe

Filesize
437KB

MD5
625cb97439daa80940791f626bb4765c

SHA1
af462cf5435efceefcd6786f212e192403e80c4b

SHA256
79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

SHA512
145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\installer.log

Filesize
55B

MD5
945318de45b2b3bd12fd854d1e3204a7

SHA1
c0310ef0dbacb0b199a4b0e4823dfbeb28ff0f17

SHA256
e36e863e24a68e176d3bd05cfd807cf7ad508ea4455d60031a84dd3f5f9ce364

SHA512
68e56bc59c955f8bf88c6a451c3cee648222e77f06e66cf137c17120874c7df946429ede9dd8a3ed16c992ee8602edf20b356bb3ec066e1a503eae738d510689

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
7d64aefb7e8b31292da55c6e12808cdb

SHA1
568c2a19a33bb18a3c6e19c670945630b9687d50

SHA256
62a4810420d997c7fdd9e86a42917a44b78fb367a9d3c0a204e44b3ff05de6d4

SHA512
68479da21f3a2246d60db8afd2ae3383a430c61458089179c35df3e25ca1a15eba86a2a473e661c1364613baa93dcb38652443eb5c5d484b571ab30728598f9b

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
dcd09014f2b8041e89270fecd2c078b2

SHA1
b9f08affdd9ff5622c16561e6a6e6120a786e315

SHA256
6572965fd3909af60310db1e00c8820b2deef4864612e757d3babab896f59ed7

SHA512
ef2ac73100184e6d80e03ce5aa089dbddb9e2a52adf878c34b7683274f879dcf2b066491cfc666f26453acbd44543d9741f36369015bd5d07e36b49d435751f6

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
3979437d6817cdf82da474c8a1eefb0d

SHA1
5e96fe40993acbc7c2e9a104d51a728950ad872e

SHA256
3dd2e16b6f135cdd45bce4065f6493540ebbaf2f7f1553085a2442ea2cf80a10

SHA512
4f64c6d232fdae3e7e583cb1aa39878abbfbbc9466108b97a5dce089c35eb30af502b5b212b043c27c1b12b23c165bd2b559060c43d9e2efcdda777b34f0066b

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
4da67feefeb86b58a20b3482b93285b3

SHA1
6cd7f344d7ca70cf983caddb88ff6baa40385ef1

SHA256
3a5d176b1f2c97bca7d4e7a52590b84b726796191ae892d38ad757fd595f414d

SHA512
b9f420d30143cf3f5c919fa454616765602f27c678787d34f502943567e3e5dfb068fec8190fea6fa8db70153ed620eb4fe5dc3092f9b35b7d46b00cc238e3ba

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
3339350008a663975ba4953018c38673

SHA1
78614a1aad7fc83d6999dcc0f467b43693be3d47

SHA256
4f77abb5c5014769f907a194fd2e43b3c977df1fb87f8c98dd15a7b950d1e092

SHA512
a303fd57dd59f478a8d6c66785768886509625a2baf8bf2b357bb249fc93f193ac8c5c2c9193e53738805700e49b941bf741d6c4850a43f29a82424ccdda191b

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-convert-l1-1-0.dll

Filesize
14KB

MD5
392b572dc6275d079270ad8e751a2433

SHA1
8347bba17ed3e7d5c2491f2177af3f35881e4420

SHA256
347ceeb26c97124fb49add1e773e24883e84bf9e23204291066855cd0baea173

SHA512
dbdbd159b428d177c5f5b57620da18a509350707881fb5040ac10faf2228c2ccfd6126ea062c5dd4d13998624a4f5745ed947118e8a1220190fdb93b6a3c20b7

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
9806f2f88ba292b8542a964c0b102876

SHA1
c02e1541a264a04963add31d2043fa954b069b6b

SHA256
cf601a7b883bb4fb87c28b4a1d9f823d2454b298cdbcb4da4f508db8bd1278ba

SHA512
d68cb926de3caa498ad2aea60e2c5dbb72f30836a6ad9bb11a48f2ca706656981d9332dae44769ccf6f8de3b2ea1507983440afbe1322520f2fd1674cd8de823

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
12KB

MD5
1747189e90f6d3677c27dc77382699d8

SHA1
17e07200fc40914e9aa5cbfc9987117b4dc8db02

SHA256
6cc23b34f63ba8861742c207f0020f7b89530d6cdd8469c567246a5879d62b82

SHA512
d2cc7223819b9109b7ce2475dfb2a58da78d0d3d606b05b6f24895d2f05fb1b83ee4c1d7a863f3c3488f5d1b014cd5b429070577bd53d00bb1e0a0a9b958f0b1

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
1bcb55590ab80c2c78f8ce71eadeb3dc

SHA1
8625e6ed37c1a5678c3b4713801599f792dc1367

SHA256
a3f13fa93131a17e05ad0c4253c34b4db30d15eae2b43c9d7ec56fdc6709d371

SHA512
d80374ec9b17692b157031f771c6c86dc52247c3298594a936067473528bbb511be4e033203144bbf2ec2acfd7e3e935f898c945eb864dcf8b43ae48e3754439

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
7481e20041cf8e366d737962d23ec9de

SHA1
a13c9a2d6cf6c92050eaae5ecb090a401359d992

SHA256
4615ec9effc0c27fc0cfd23ad9d87534cbe745998b7d318ae84ece5ea1338551

SHA512
f7a8e381d1ac2704d61258728a9175834cf414f7f2ff79bd8853e8359d6468839585cb643f0871334b943b0f7b0d868e077f6bd3f61668e54785ee8b94bf7903

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
f4e9937296ec528938a3c28a48687f5c

SHA1
961390a2c5e08336857c8a39b254b2bfe3d8bdc6

SHA256
190a2cc8c8e47fcd4d07b4e260e247fb3b5fb4661aa50f7b05158cd062d80762

SHA512
00ccf9326e593236f57c39ffcd3ab1a77c54755c5f938207ad548d64d60a7468ea21f6e340d385e6576bb049bca1dd318da572c5808c353dda1c4629fd99bc42

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
047c779f39ebb4f57020cd5b6fb2d083

SHA1
440077fc83d1c756fe24f9fb5eae67c5e4abd709

SHA256
078d2551f53ca55715f5c6a045de1260ce331b97fd6d047f8455e06d97ef88dc

SHA512
95a57d79c47d11f43796aea8fd1183d3db9448dee60530144b64a2dd3cd863f5b413356076c26101d96dd007ebf8aff9e23cf721ba4e03d932c333b8e5536b73

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
16KB

MD5
10e9dfc88bf784847e7b9aab82e28d0c

SHA1
cb750cf87d561ca32f5860854da374dae6c9f2ad

SHA256
e6bab87156c9e7ae14ce36a754eb6891891a22ddfff584b706538152017fbb0f

SHA512
29c2edb44cada75ee8ccae1b55a405c8282c937450913196d54b6da1a1e121451c6e14a92a200574984961fa8c649d8a40caf58ea50a33d42a7dfae4439091c2

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
1f1d50aa4553e77f6b90ae13bd56a95c

SHA1
cf421a298f485c2a000791e1840ededeea19bad0

SHA256
d343529d2a49cbb89d644deafce573b873ab45e0bf57e2d906b2f2a964d7bd9a

SHA512
a08bdcc2883066a8bdb9336eec5c7f8593202c367ce75a7d7390ed4c6e0e1dbe80b7afadeee78f12ac0386d70ac360af12bf0ff3285acda0425789038951f180

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
fa5327c2a3d284385d8dc3d65935604b

SHA1
a878b7cdf4ad027422e0e2182dad694ed436e949

SHA256
704ad27cab084be488b5757395ad5129e28f57a7c6680976af0f096b3d536e66

SHA512
473ff715f73839b766b5f28555a861d03b009c6b26c225bc104f4aab4e4ea766803f38000b444d4d433ff9ea68a3f940e66792bae1826781342f475860973816

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
cefab9071ec289d88bb312816e62ca82

SHA1
bd95bd97332ea21506171924acde4f4248a2ee6a

SHA256
340ced80fbcfca804925ff680da1929f68b95959fd7e4d0c9f67322bb5fe2155

SHA512
03c4b2b155392dc02370994d28b78d18c38ccbb0c594866ae31db54111f0f18e264e1378acde0f2638e19871d7e3df7ca3365ad63c0de689c331f6e5b14e3582

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\client\jvm.dll

Filesize
3.9MB

MD5
a8e195d5da7a51d0df7b11c27e16d308

SHA1
48ba0f9240749cccf4087aa592010893691650de

SHA256
32a38e0733b6024d92d2d9bef61392d448f02b15733684abf99bae420adc1d80

SHA512
c2bc08b5870be978f432ebeaa5e06785fdeb72dc0b12969deeb6ec3d8479199c57d26176d654e0ae38ae235f8a3ef06f8cf7d6ddbe3184ad685a5c9406694509

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\java.dll

Filesize
139KB

MD5
ba2541e98ffb0257d3a9a408e839dfb8

SHA1
447526b7fbe84a9f582aba9dbef4c1ef5325d9f8

SHA256
69a6b0dbfef2c96db6f43c071af09a99d90729278ee3cdce85f9fb9c5d7eb849

SHA512
518405b4804605bb1df158382316f2c972298a9e3a6d4c403254b296fbede40432e9b982a9ca091cde02589f534b61b9df4986ff35fc53e6d2eefd21eb812724

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\runtimejavaw.exe

Filesize
251KB

MD5
a66d056719ec11f70beb6f0cc68b0efd

SHA1
8a29d66a8f01c0c29c1de763134de62fd1b96ff2

SHA256
d7e8047de0a76b13316cbb39785a85696f3bda193aaaf03f3f3c26412b6985cb

SHA512
c14110d3d26100dcabdee0e19418b29b0aa474eb459dde87dcd53c37c311758cdc05c39e61ded936fe67c3dddd541b641edf88e78cb0349bf998c3ce0de93f87

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\runtimejavaw.exe

Filesize
251KB

MD5
a66d056719ec11f70beb6f0cc68b0efd

SHA1
8a29d66a8f01c0c29c1de763134de62fd1b96ff2

SHA256
d7e8047de0a76b13316cbb39785a85696f3bda193aaaf03f3f3c26412b6985cb

SHA512
c14110d3d26100dcabdee0e19418b29b0aa474eb459dde87dcd53c37c311758cdc05c39e61ded936fe67c3dddd541b641edf88e78cb0349bf998c3ce0de93f87

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\ucrtbase.DLL

Filesize
1.1MB

MD5
126fb99e7037b6a56a14d701fd27178b

SHA1
0969f27c4a0d8270c34edb342510de4f388752cd

SHA256
10f8f24aa678db8e38e6917748c52bbcd219161b9a07286d6f8093ab1d0318fa

SHA512
d787a9530bce036d405988770621b6f15162347a892506ce637839ac83ac6c23001dc5b2292afd652e0804bd327a7536d5f1b92412697c3be335a03133d5fe17

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\verify.dll

Filesize
46KB

MD5
54db87c55f45f1f4a585892c108a9fef

SHA1
f5afc6e32a5822e5850f48e67648e3d6d27c551e

SHA256
23e09cfe28a815905bca306fc37d78678df425c6089b074738d94301947cc62a

SHA512
fcc2687ca8aee5ad331ece7af6c7add8a92fa4efae1ab965c7435e6c6b418100b20e91950ab388b5b5a0425135226765150753983bb6fdad3c237709534b70af

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\bin\zip.dll

Filesize
79KB

MD5
ee5304acff3ed074a5d93c23f3efe260

SHA1
26cbc5be3773b409a1775ae57717396c0a2ef8fa

SHA256
98c1f3b8a100ee268687796d5c0de84a99987634af18ba5ce976e80befcae6cc

SHA512
12803e33dd4bb5d3fa974e2472f2e821b4204d3d4f66fd88b861b0f9d777abcea0dd62606c5f31fd992374e1b42276c0f78feca4b5ea09d8c3697ff0d7784258

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\jre\lib\i386\jvm.cfg

Filesize
623B

MD5
9aef14a90600cd453c4e472ba83c441f

SHA1
10c53c9fe9970d41a84cb45c883ea6c386482199

SHA256
9e86b24ff2b19d814bbaedd92df9f0e1ae86bf11a86a92989c9f91f959b736e1

SHA512
481562547bf9e37d270d9a2881ac9c86fc8f928b5c176e9baf6b8f7b72fb9827c84ef0c84b60894656a6e82dd141779b8d283c6e7a0e85d2829ea071c6db7d14

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\msvr32.exe

Filesize
278KB

MD5
4f2c784cd156bcdd22e386d44c7829c9

SHA1
7e837958f10d3e9db5072f3f0072b132c039e416

SHA256
dca3e10822eab4856116669d8724d445248c599f7f3f9044dfc547e95fb4276e

SHA512
7f9cfe0a4e10b32c47463de6fc33f0fdfd23d4f993ec59655838480700e1e614c06beb5880750f243265e52d9773ab6e63213bde7e1990857da4bfd157a5a809

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\msvr32.exe

Filesize
278KB

MD5
4f2c784cd156bcdd22e386d44c7829c9

SHA1
7e837958f10d3e9db5072f3f0072b132c039e416

SHA256
dca3e10822eab4856116669d8724d445248c599f7f3f9044dfc547e95fb4276e

SHA512
7f9cfe0a4e10b32c47463de6fc33f0fdfd23d4f993ec59655838480700e1e614c06beb5880750f243265e52d9773ab6e63213bde7e1990857da4bfd157a5a809

Download Submit
C:\Users\Admin\AppData\Roaming\.socket\socket.jar

Filesize
17.8MB

MD5
4576b207ce381fb39c8279caaa206780

SHA1
e3d0ae4d25d1b7db5e1a8930e4a52de5060d618f

SHA256
b22035c16dfbb8cd2590aa5fb8b84f2da0adbe9032ed235a424f191b9dab1837

SHA512
1f0493672549ad18966daa792f48b640e04768f68eec41e1d7c462856d0a4e36d945d1f00d43e3bf5e3225ba501acb0d71f708ab08684deec9faf63f561fa29a

Download Submit
C:\Users\Admin\AppData\Roaming\c75c6c37b2d7a3\cred64.dll

Filesize
162B

MD5
1b7c22a214949975556626d7217e9a39

SHA1
d01c97e2944166ed23e47e4a62ff471ab8fa031f

SHA256
340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

SHA512
ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

Download Submit
\Users\Admin\AppData\Local\Temp\1000001001\client.exe

Filesize
93.4MB

MD5
64d802756e7231204531491c35a9d528

SHA1
74eb304b410b0279f014ff5986c5b87054a999c2

SHA256
5e7e84acd280cb92a764a84eaa078371d4df3f589ce935715ed671b75c7dacb7

SHA512
0afdfbd6b5ef1bff6af82d9b2558713cc31eca68e012085bd26f997f7a2fbdbcf43fa325d95691c5ad144c3dbf20a6e216764e7ee9002c8fec72176e1ea595da

Download Submit
\Users\Admin\AppData\Local\Temp\1000001001\client.exe

Filesize
93.4MB

MD5
64d802756e7231204531491c35a9d528

SHA1
74eb304b410b0279f014ff5986c5b87054a999c2

SHA256
5e7e84acd280cb92a764a84eaa078371d4df3f589ce935715ed671b75c7dacb7

SHA512
0afdfbd6b5ef1bff6af82d9b2558713cc31eca68e012085bd26f997f7a2fbdbcf43fa325d95691c5ad144c3dbf20a6e216764e7ee9002c8fec72176e1ea595da

Download Submit
\Users\Admin\AppData\Local\Temp\d8bf47ee03\Utsysc.exe

Filesize
437KB

MD5
625cb97439daa80940791f626bb4765c

SHA1
af462cf5435efceefcd6786f212e192403e80c4b

SHA256
79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

SHA512
145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
7d64aefb7e8b31292da55c6e12808cdb

SHA1
568c2a19a33bb18a3c6e19c670945630b9687d50

SHA256
62a4810420d997c7fdd9e86a42917a44b78fb367a9d3c0a204e44b3ff05de6d4

SHA512
68479da21f3a2246d60db8afd2ae3383a430c61458089179c35df3e25ca1a15eba86a2a473e661c1364613baa93dcb38652443eb5c5d484b571ab30728598f9b

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
dcd09014f2b8041e89270fecd2c078b2

SHA1
b9f08affdd9ff5622c16561e6a6e6120a786e315

SHA256
6572965fd3909af60310db1e00c8820b2deef4864612e757d3babab896f59ed7

SHA512
ef2ac73100184e6d80e03ce5aa089dbddb9e2a52adf878c34b7683274f879dcf2b066491cfc666f26453acbd44543d9741f36369015bd5d07e36b49d435751f6

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
3979437d6817cdf82da474c8a1eefb0d

SHA1
5e96fe40993acbc7c2e9a104d51a728950ad872e

SHA256
3dd2e16b6f135cdd45bce4065f6493540ebbaf2f7f1553085a2442ea2cf80a10

SHA512
4f64c6d232fdae3e7e583cb1aa39878abbfbbc9466108b97a5dce089c35eb30af502b5b212b043c27c1b12b23c165bd2b559060c43d9e2efcdda777b34f0066b

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
4da67feefeb86b58a20b3482b93285b3

SHA1
6cd7f344d7ca70cf983caddb88ff6baa40385ef1

SHA256
3a5d176b1f2c97bca7d4e7a52590b84b726796191ae892d38ad757fd595f414d

SHA512
b9f420d30143cf3f5c919fa454616765602f27c678787d34f502943567e3e5dfb068fec8190fea6fa8db70153ed620eb4fe5dc3092f9b35b7d46b00cc238e3ba

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
3339350008a663975ba4953018c38673

SHA1
78614a1aad7fc83d6999dcc0f467b43693be3d47

SHA256
4f77abb5c5014769f907a194fd2e43b3c977df1fb87f8c98dd15a7b950d1e092

SHA512
a303fd57dd59f478a8d6c66785768886509625a2baf8bf2b357bb249fc93f193ac8c5c2c9193e53738805700e49b941bf741d6c4850a43f29a82424ccdda191b

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-convert-l1-1-0.dll

Filesize
14KB

MD5
392b572dc6275d079270ad8e751a2433

SHA1
8347bba17ed3e7d5c2491f2177af3f35881e4420

SHA256
347ceeb26c97124fb49add1e773e24883e84bf9e23204291066855cd0baea173

SHA512
dbdbd159b428d177c5f5b57620da18a509350707881fb5040ac10faf2228c2ccfd6126ea062c5dd4d13998624a4f5745ed947118e8a1220190fdb93b6a3c20b7

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
9806f2f88ba292b8542a964c0b102876

SHA1
c02e1541a264a04963add31d2043fa954b069b6b

SHA256
cf601a7b883bb4fb87c28b4a1d9f823d2454b298cdbcb4da4f508db8bd1278ba

SHA512
d68cb926de3caa498ad2aea60e2c5dbb72f30836a6ad9bb11a48f2ca706656981d9332dae44769ccf6f8de3b2ea1507983440afbe1322520f2fd1674cd8de823

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
12KB

MD5
1747189e90f6d3677c27dc77382699d8

SHA1
17e07200fc40914e9aa5cbfc9987117b4dc8db02

SHA256
6cc23b34f63ba8861742c207f0020f7b89530d6cdd8469c567246a5879d62b82

SHA512
d2cc7223819b9109b7ce2475dfb2a58da78d0d3d606b05b6f24895d2f05fb1b83ee4c1d7a863f3c3488f5d1b014cd5b429070577bd53d00bb1e0a0a9b958f0b1

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
1bcb55590ab80c2c78f8ce71eadeb3dc

SHA1
8625e6ed37c1a5678c3b4713801599f792dc1367

SHA256
a3f13fa93131a17e05ad0c4253c34b4db30d15eae2b43c9d7ec56fdc6709d371

SHA512
d80374ec9b17692b157031f771c6c86dc52247c3298594a936067473528bbb511be4e033203144bbf2ec2acfd7e3e935f898c945eb864dcf8b43ae48e3754439

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
7481e20041cf8e366d737962d23ec9de

SHA1
a13c9a2d6cf6c92050eaae5ecb090a401359d992

SHA256
4615ec9effc0c27fc0cfd23ad9d87534cbe745998b7d318ae84ece5ea1338551

SHA512
f7a8e381d1ac2704d61258728a9175834cf414f7f2ff79bd8853e8359d6468839585cb643f0871334b943b0f7b0d868e077f6bd3f61668e54785ee8b94bf7903

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
f4e9937296ec528938a3c28a48687f5c

SHA1
961390a2c5e08336857c8a39b254b2bfe3d8bdc6

SHA256
190a2cc8c8e47fcd4d07b4e260e247fb3b5fb4661aa50f7b05158cd062d80762

SHA512
00ccf9326e593236f57c39ffcd3ab1a77c54755c5f938207ad548d64d60a7468ea21f6e340d385e6576bb049bca1dd318da572c5808c353dda1c4629fd99bc42

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
047c779f39ebb4f57020cd5b6fb2d083

SHA1
440077fc83d1c756fe24f9fb5eae67c5e4abd709

SHA256
078d2551f53ca55715f5c6a045de1260ce331b97fd6d047f8455e06d97ef88dc

SHA512
95a57d79c47d11f43796aea8fd1183d3db9448dee60530144b64a2dd3cd863f5b413356076c26101d96dd007ebf8aff9e23cf721ba4e03d932c333b8e5536b73

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
16KB

MD5
10e9dfc88bf784847e7b9aab82e28d0c

SHA1
cb750cf87d561ca32f5860854da374dae6c9f2ad

SHA256
e6bab87156c9e7ae14ce36a754eb6891891a22ddfff584b706538152017fbb0f

SHA512
29c2edb44cada75ee8ccae1b55a405c8282c937450913196d54b6da1a1e121451c6e14a92a200574984961fa8c649d8a40caf58ea50a33d42a7dfae4439091c2

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
1f1d50aa4553e77f6b90ae13bd56a95c

SHA1
cf421a298f485c2a000791e1840ededeea19bad0

SHA256
d343529d2a49cbb89d644deafce573b873ab45e0bf57e2d906b2f2a964d7bd9a

SHA512
a08bdcc2883066a8bdb9336eec5c7f8593202c367ce75a7d7390ed4c6e0e1dbe80b7afadeee78f12ac0386d70ac360af12bf0ff3285acda0425789038951f180

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
fa5327c2a3d284385d8dc3d65935604b

SHA1
a878b7cdf4ad027422e0e2182dad694ed436e949

SHA256
704ad27cab084be488b5757395ad5129e28f57a7c6680976af0f096b3d536e66

SHA512
473ff715f73839b766b5f28555a861d03b009c6b26c225bc104f4aab4e4ea766803f38000b444d4d433ff9ea68a3f940e66792bae1826781342f475860973816

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
cefab9071ec289d88bb312816e62ca82

SHA1
bd95bd97332ea21506171924acde4f4248a2ee6a

SHA256
340ced80fbcfca804925ff680da1929f68b95959fd7e4d0c9f67322bb5fe2155

SHA512
03c4b2b155392dc02370994d28b78d18c38ccbb0c594866ae31db54111f0f18e264e1378acde0f2638e19871d7e3df7ca3365ad63c0de689c331f6e5b14e3582

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\client\jvm.dll

Filesize
3.9MB

MD5
a8e195d5da7a51d0df7b11c27e16d308

SHA1
48ba0f9240749cccf4087aa592010893691650de

SHA256
32a38e0733b6024d92d2d9bef61392d448f02b15733684abf99bae420adc1d80

SHA512
c2bc08b5870be978f432ebeaa5e06785fdeb72dc0b12969deeb6ec3d8479199c57d26176d654e0ae38ae235f8a3ef06f8cf7d6ddbe3184ad685a5c9406694509

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\java.dll

Filesize
139KB

MD5
ba2541e98ffb0257d3a9a408e839dfb8

SHA1
447526b7fbe84a9f582aba9dbef4c1ef5325d9f8

SHA256
69a6b0dbfef2c96db6f43c071af09a99d90729278ee3cdce85f9fb9c5d7eb849

SHA512
518405b4804605bb1df158382316f2c972298a9e3a6d4c403254b296fbede40432e9b982a9ca091cde02589f534b61b9df4986ff35fc53e6d2eefd21eb812724

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\msvcp140.dll

Filesize
428KB

MD5
fdd04dbbcf321eee5f4dd67266f476b0

SHA1
65ffdfe2664a29a41fcf5039229ccecad5b825b9

SHA256
21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794

SHA512
04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\runtimejavaw.exe

Filesize
251KB

MD5
a66d056719ec11f70beb6f0cc68b0efd

SHA1
8a29d66a8f01c0c29c1de763134de62fd1b96ff2

SHA256
d7e8047de0a76b13316cbb39785a85696f3bda193aaaf03f3f3c26412b6985cb

SHA512
c14110d3d26100dcabdee0e19418b29b0aa474eb459dde87dcd53c37c311758cdc05c39e61ded936fe67c3dddd541b641edf88e78cb0349bf998c3ce0de93f87

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\ucrtbase.dll

Filesize
1.1MB

MD5
126fb99e7037b6a56a14d701fd27178b

SHA1
0969f27c4a0d8270c34edb342510de4f388752cd

SHA256
10f8f24aa678db8e38e6917748c52bbcd219161b9a07286d6f8093ab1d0318fa

SHA512
d787a9530bce036d405988770621b6f15162347a892506ce637839ac83ac6c23001dc5b2292afd652e0804bd327a7536d5f1b92412697c3be335a03133d5fe17

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\vcruntime140.dll

Filesize
77KB

MD5
ba65db6bfef78a96aee7e29f1449bf8a

SHA1
06c7beb9fd1f33051b0e77087350903c652f4b77

SHA256
141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493

SHA512
ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\verify.dll

Filesize
46KB

MD5
54db87c55f45f1f4a585892c108a9fef

SHA1
f5afc6e32a5822e5850f48e67648e3d6d27c551e

SHA256
23e09cfe28a815905bca306fc37d78678df425c6089b074738d94301947cc62a

SHA512
fcc2687ca8aee5ad331ece7af6c7add8a92fa4efae1ab965c7435e6c6b418100b20e91950ab388b5b5a0425135226765150753983bb6fdad3c237709534b70af

Download Submit
\Users\Admin\AppData\Roaming\.socket\jre\bin\zip.dll

Filesize
79KB

MD5
ee5304acff3ed074a5d93c23f3efe260

SHA1
26cbc5be3773b409a1775ae57717396c0a2ef8fa

SHA256
98c1f3b8a100ee268687796d5c0de84a99987634af18ba5ce976e80befcae6cc

SHA512
12803e33dd4bb5d3fa974e2472f2e821b4204d3d4f66fd88b861b0f9d777abcea0dd62606c5f31fd992374e1b42276c0f78feca4b5ea09d8c3697ff0d7784258

Download Submit
\Users\Admin\AppData\Roaming\.socket\msvr32.exe

Filesize
278KB

MD5
4f2c784cd156bcdd22e386d44c7829c9

SHA1
7e837958f10d3e9db5072f3f0072b132c039e416

SHA256
dca3e10822eab4856116669d8724d445248c599f7f3f9044dfc547e95fb4276e

SHA512
7f9cfe0a4e10b32c47463de6fc33f0fdfd23d4f993ec59655838480700e1e614c06beb5880750f243265e52d9773ab6e63213bde7e1990857da4bfd157a5a809

Download Submit
\Users\Admin\AppData\Roaming\.socket\msvr32.exe

Filesize
278KB

MD5
4f2c784cd156bcdd22e386d44c7829c9

SHA1
7e837958f10d3e9db5072f3f0072b132c039e416

SHA256
dca3e10822eab4856116669d8724d445248c599f7f3f9044dfc547e95fb4276e

SHA512
7f9cfe0a4e10b32c47463de6fc33f0fdfd23d4f993ec59655838480700e1e614c06beb5880750f243265e52d9773ab6e63213bde7e1990857da4bfd157a5a809

Download Submit
memory/1412-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2008-446-0x0000000002300000-0x0000000004300000-memory.dmp

Filesize
32.0MB

Download
memory/2008-457-0x0000000002300000-0x0000000004300000-memory.dmp

Filesize
32.0MB

Download