2b9bd18500ea9ff7b8009b09fcd07f1acae0f4ca30c149c6df07be300a6a1ada

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Amnesia Mod Menu.exe
Size

14.2MB
MD5

9521094215c5767152c92d6c0598b1ad
SHA1

ae121d8ee401dcba23e5db8fd47d7c51e9dee740
SHA256

c95d8fd91927aa49039e4a30c78980ae0e7c6794de9f566d6abb2075f9cb5afe
SHA512

a108a7908d44c192b212485763136fd87d47e90b60b78b7f4228d8dc3eef45e63d588845a5ea334b4447aa07f279a1bdafd4ef6033ba168352fc1836ffce1b7b
SSDEEP

393216:OEkZgf8Mxq1+TtIiFGvvB5IjWqn6ekWz1QypX8Wjs+da:ORbqq1QtIZX3ILn6ek9yCes+da

Score

7^/10

spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amnesia Mod Menu.exe	Amnesia Mod Menu.exe

Loads dropped DLL 42 IoCs

pid	Process
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe
388	Amnesia Mod Menu.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
23	api.ipify.org
25	api.ipify.org
52	api.ipify.org
58	api.ipify.org
62	api.ipify.org

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3204	tasklist.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3204	tasklist.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 388	2516	Amnesia Mod Menu.exe	88
PID 2516 wrote to memory of 388	2516	Amnesia Mod Menu.exe	88
PID 388 wrote to memory of 4808	388	Amnesia Mod Menu.exe	92
PID 388 wrote to memory of 4808	388	Amnesia Mod Menu.exe	92
PID 4808 wrote to memory of 3204	4808	cmd.exe	94
PID 4808 wrote to memory of 3204	4808	cmd.exe	94

C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe
"C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe
  "C:\Users\Admin\AppData\Local\Temp\Amnesia Mod Menu.exe"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4808
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI25162\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\_asyncio.pyd

Filesize
69KB

MD5
209cbcb4e1a16aa39466a6119322343c

SHA1
cdcce6b64ebf11fecff739cbc57e7a98d6620801

SHA256
f7069734d5174f54e89b88d717133bff6a41b01e57f79957ab3f02daa583f9e2

SHA512
5bbc4ede01729e628260cf39df5809624eae795fd7d51a1ed770ed54663955674593a97b78f66dbf6ae268186273840806ed06d6f7877444d32fdca031a9f0da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\_bz2.pyd

Filesize
82KB

MD5
59d60a559c23202beb622021af29e8a9

SHA1
a405f23916833f1b882f37bdbba2dd799f93ea32

SHA256
706d4a0c26dd454538926cbb2ff6c64257c3d9bd48c956f7cabd6def36ffd13e

SHA512
2f60e79603cf456b2a14b8254cec75ce8be0a28d55a874d4fb23d92d63bbe781ed823ab0f4d13a23dc60c4df505cbf1dbe1a0a2049b02e4bdec8d374898002b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\_ctypes.pyd

Filesize
122KB

MD5
2a834c3738742d45c0a06d40221cc588

SHA1
606705a593631d6767467fb38f9300d7cd04ab3e

SHA256
f20dfa748b878751ea1c4fe77a230d65212720652b99c4e5577bce461bbd9089

SHA512
924235a506ce4d635fa7c2b34e5d8e77eff73f963e58e29c6ef89db157bf7bab587678bb2120d09da70594926d82d87dbaa5d247e861e331cf591d45ea19a117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\_decimal.pyd

Filesize
246KB

MD5
f930b7550574446a015bc602d59b0948

SHA1
4ee6ff8019c6c540525bdd2790fc76385cdd6186

SHA256
3b9ad1d2bc9ec03d37da86135853dac73b3fe851b164fe52265564a81eb8c544

SHA512
10b864975945d6504433554f9ff11b47218caa00f809c6bce00f9e4089b862190a4219f659697a4ba5e5c21edbe1d8d325950921e09371acc4410469bd9189ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\_hashlib.pyd

Filesize
64KB

MD5
b0262bd89a59a3699bfa75c4dcc3ee06

SHA1
eb658849c646a26572dea7f6bfc042cb62fb49dc

SHA256
4adfbbd6366d9b55d902fc54d2b42e7c8c989a83016ed707bd7a302fc3fc7b67

SHA512
2e4b214de3b306e3a16124af434ff8f5ab832aa3eeb1aa0aa9b49b0ada0928dcbb05c57909292fbe3b01126f4cd3fe0dac9cc15eaea5f3844d6e267865b9f7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\_lzma.pyd

Filesize
155KB

MD5
b71dbe0f137ffbda6c3a89d5bcbf1017

SHA1
a2e2bdc40fdb83cc625c5b5e8a336ca3f0c29c5f

SHA256
6216173194b29875e84963cd4dc4752f7ca9493f5b1fd7e4130ca0e411c8ac6a

SHA512
9a5c7b1e25d8e1b5738f01aedfd468c1837f1ac8dd4a5b1d24ce86dcae0db1c5b20f2ff4280960bc523aee70b71db54fd515047cdaf10d21a8bec3ebd6663358

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-console-l1-1-0.dll

Filesize
13KB

MD5
fc2940df5611ffe17e13bb35b08f10f3

SHA1
458938079b166a80beb2d7fb94dda66e68f3c764

SHA256
e71d0a38f2fe3e1f9fad8f7b0079348bd73b7d86c21005eb2d723ac5cb87b1fa

SHA512
76bc9e852fdb6b93d0400d9f31f6b9d2260759c03a445a3373940ef5d6e0b093c6623cffe7261f9be65802dbc9e690da480c148ce22627d7369754685df7d8d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-datetime-l1-1-0.dll

Filesize
13KB

MD5
2cc6a02fa092de27b7e6ff3542a8d481

SHA1
743526b0b984e7cf34bdbd34271a398561d50c67

SHA256
6f509d529f1ad1f0c4b696fd7f65c671e7eb0fe8f3e0377c2dba8682ef3eaada

SHA512
16224de0becb97be33bf7c196f396652a7e14b39af77a422a80b9028dc3bf8ef38d2d6f480811606390ef53edb922975d2cecdf0a104c81c8282bff83672bf39

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-debug-l1-1-0.dll

Filesize
13KB

MD5
0109e606e9dd3c3649854e3fe8fe2d90

SHA1
2837a156c3660bb494af5c28497bed5acf4a1569

SHA256
5003b2e5efe9019dd442eafe129fd59be189a365edbf2cc7ff7a2f0163a52715

SHA512
e6ceca0105645ca3af2f3f6ed52ff9c39c9b8afcb53bdf7ee3458b64c2a8772b7dfb6426c2688cf7b9aa382a9febebb9e21cfa8ecc340cf9a3574291ddf85467

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
13KB

MD5
39cf49b2f5a0e8677e361d927483e7c2

SHA1
961d08f56d240a3311991e02b6d4cae2de6f1613

SHA256
6747924572f23bcb0e187d098545f50c38d410d60da1b9ac6ba1b06b63b7f421

SHA512
1bd898dbdb081a046669cb5c08ae6e05ec411951f83edbbebfaf631c49b8ddbfcad7aafd8cdc7bdf9d38d497afffa300d9d3ad175de2d24957dbdde7f81eea22

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-file-l1-1-0.dll

Filesize
16KB

MD5
e844a9a4de76ee4688bf8da4b620c892

SHA1
4e838492ce24fd9fe3dbbcbb51c4a9f03127e6e7

SHA256
e4a082166e983bbab9fa7466fcffd535f121700b5a06a609a0c358e98192f217

SHA512
4b402f8ec9834ed4ee6523d0a86a9b9fdc85495cee57c0ca080b4ff446d9240b6f22488873d14720f9e18bb246ccadfb5580e4201cef0aed76f016e4c64480df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
9bc4835950a7f3476820af95dfe43d6d

SHA1
28e9d96c6dde13cd03ef989c0ae13a0f062b16d5

SHA256
45e67e7b5c491aa3a92cd54b401696d147b1f5adab4a9e275dd2fd28b64851d6

SHA512
3509bb892406ffb4445267de150c08ee648189659838403f47628b535b47a71c02e40fa3e47e881e0225461a7d66e791a13894cab30f8cd1247c01f10d7ffc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
45e820df2e3930ea7ec5fd8f00176dfa

SHA1
67adc9eb2e4692661d318cad31b6cb059dcc6ed9

SHA256
21d59cacfd35738c790cb5a4ce9ae1eff859d967b820fec0e566e1c9cd52daf7

SHA512
a1033c985bf47f9b367c954592806a002fa3bbd3e87314f91e18564dbc96f61e0735ab8b0d12ec7ae8692edb7cb05662d780dd72ac4b971153cd61cddf5f022a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-handle-l1-1-0.dll

Filesize
13KB

MD5
c59da5e95e583365e9dd460aa1cf8219

SHA1
4a58c2dff6bc4d68f1e404df4be203dd1369e53e

SHA256
568262e93a4de914dfc2de04f60057aa68ee284c7a03df5d657e386a38e26ae7

SHA512
ac95f5c005ac38390a9452f76df7f7ee33558c62adea566de5d44fad570c986fc893730519bab232a7b7abb78690f771e543c5fc0ac54d7524868cef1e45885f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-heap-l1-1-0.dll

Filesize
13KB

MD5
7b17d7636dd070cb39c6e56cbd6d32e7

SHA1
8f354913369cf24c5d32a9df7756d85801676994

SHA256
80e974f31c4cc7d20f6f7fecae3d9425e1bf607bf2cbcafcb5519e5c6339439b

SHA512
d67e9e8ed13df2f1bf0585c3ede7d28870ebc06f146eab80c0feb484d3862af8c3b9b85bbdb8306545bdb9ee1cd5982d952e9432b67f5ee69d0f6f597570deaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
13KB

MD5
9560064ef8ab2c256f5150a59d9ea5c6

SHA1
083b126391c552a4c0b9634ef28ae2358a6de41e

SHA256
b48f80a056889b19112c4fcd3c6cd46291e91ab4f16731d70d45e2186d88e3dc

SHA512
16320da42d741cb5e3d6ab7a807dffa703e98b9e3fa03d86e5eff5e21c7367a221ec07e5a4f913b3d47aa057a72799b437375e8c504c1678ffe6480d1e5695ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
14KB

MD5
8226f5e05fe01ccd5c7281bfd1e9102b

SHA1
ae9b4809ef08806875fd077c57e5eebb7c428e2a

SHA256
8d5d6fa9fbd6e4c5cb27829da97058c1a73622a0c3ff5ce9cf4d5bebd5e446c1

SHA512
fa607087d51dcabc301edd4b162bcf65432939f2ce305dd95525a110d1435a11c1efaf86fbfd54dc6ca8731618c13f622fedcb902631afbdfd5fe79c1bc16206

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
335430a90b091bb2fa1b4413ad820249

SHA1
6e36f48db57ae04515b6ec307894dc15e591924b

SHA256
0b8d2b999bdccfc549277631d9643431ea2babbab4abd7b6e876f9c38dc1bcd2

SHA512
748fc6ee330e9976e46138f3930bd9d018e05da8d3802dcaa308d5ae23c674f75707992afbcb4031b0ff4a35a9492277fbe0fe762b603a11187c1ae958c8d4aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-memory-l1-1-0.dll

Filesize
13KB

MD5
07e6014d0fd0f1fd3fd5864a6ec6f2a5

SHA1
bcf2f9d60ba17a30577ca7132f115dcf17992ebe

SHA256
9c6733443ad23462f749d7a03dd475d7677cfc745ca7a29b64b8a9bedb7f85e3

SHA512
fa4afb5430de5d9ab3903ec8c0a8f206489841290baa50358557f48a97f810e751086660a0aee2672c72f63e71530de4738ddf1446e1b0324888f965d4170a2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
13KB

MD5
2f3d2be8d436d1148852c5267be1828d

SHA1
90e84754855a07440db67177727ea336c9618cd8

SHA256
c0194ba979bd707ff5ec90f383c0dac38d2ac8f02389813ae48db2535e0b6a92

SHA512
32ca8ce7647b60f4f0df444bd5bfc4f69e8e72e30bd7abb663c96aad499198fea954f6f85c538ed580365a7244c3f6e0f7df2dafe8cfc0bef8b46e5b1c08ea9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
14KB

MD5
f06a29835bef2f87e48a70c2a4091223

SHA1
d3d902bace43a045247715fc3de46f075e2613c3

SHA256
3c56529c2dabb9a3c8581a72269522101afa97f96b195b894b64d2097a1e04e8

SHA512
aa42f6424b6e7cec349c43fab6e265fa562de5d3d90134219dd09cf3858ff6df00ebcd7b5162a2f0617900d2af3bfac65b690b0678fa040d2de79b1e68849448

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
15KB

MD5
a20096437b02045df9c20f3a2c069851

SHA1
91516c1b84cf4bbcb70336bf61f5cff876383a5a

SHA256
3298054170a75f947358011d50cb7e77ed45b60fa287b9a3f65d3a15aefa6f04

SHA512
acf61b7988deb1e072520ca0f73187a2b733f9293bcef026fe16855e87b74bb1278750d6fa2880e3e4230ef2f6239812b28b6baa94621ad75e543ccda0c9f722

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
3a27cb98ca41718a6b195605a4645b97

SHA1
e36a5cffe3ce81d07816a4d343723a3852fabc02

SHA256
6eda1d6b3e6c42062339275fb266e310226f8e1b401ce38b7db0b594fbe3067f

SHA512
dd7f8039383bc339250bddff1010a95b3db3f07b6b27be1b797eeed45c7fea7e85c064315cc85616048f19a8125dc37912278a3183433fc03428a42717b2ce55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-profile-l1-1-0.dll

Filesize
12KB

MD5
fceb1adbf11f7ccb3b7ae046a359c8d3

SHA1
e1a5891548ab77c1a0e06aac11d3a5f7d051a1cb

SHA256
ced08826ccb885aa0a2662b966f3dc812f0fff50dca017012dba2d35117f771b

SHA512
bf723a205a4de36611bb4ec7c86b4bbf951fb44fdd55b7bbfbc8444874abaede6b150b58b40ff06ff4abc5d68c6c09c1c0a4cc36eedb6e7945d963caf8a66f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
13KB

MD5
884295c1d71be03c97fe573672454307

SHA1
620edf6e023308170420ed553a09be522f7a969b

SHA256
b54ef32e6b0f3f86885e392ffcc6f7d079df75a8223b157f88100fa19dba518b

SHA512
bd691534c7e0af1fb75a4f9a69566b8ccf1939076cb304eb3890b240da559346e330eb99f44d32a398a69bdbee3205e4b0659a368a5ea64e8ea833813a056c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-string-l1-1-0.dll

Filesize
13KB

MD5
1670b3a4f224ad3c56c54e00c2d45e95

SHA1
2d418b27f015a116b2e4fd83f29dc6f8e26694c2

SHA256
18e1c32d043f6f2e68da554fe3f892742c3ffc50cbf7d5e03733d87443a179c8

SHA512
02b2df687d0d3c9fc343ba6ff2a6fc28f506ed7b634bea98d68485fa783777ecec958a3a2eee3a0ffcd9c04aad8ec74a0405b19d459e2edfede43c0a83f51a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-synch-l1-1-0.dll

Filesize
15KB

MD5
f58e12b7238bcf1075098d3c86188dd6

SHA1
a9c393f06045396edb4a24501bed89ac1277fd72

SHA256
ab9f0939de0176e0d521658a08ef68bf3f884e7143b531e5719bcc39e3a0beb2

SHA512
603e08b4e1572c2e8b9e4462886e97a74400364d7bda0ac8ef2f1efbf76abd922b137661fc92831ea313dff9a4f6926c625f34083fa6f48e084be82e7f990589

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-synch-l1-2-0.dll

Filesize
13KB

MD5
67a9dc509556bedd35ed80dc288dc0be

SHA1
0319bc49b67cd40dbe2cdb71fb417007e8560270

SHA256
04c6a0a9aa1b1730342261a51515164514550add3b4a32332cc83591266b0e67

SHA512
73949fef93fd7e45bf8328105c47abaeaaf66c93f84bd1cd8bf3354b2c2628523bb43cbb39e6ed7cce99ff0c05e4de8d70f6a0ac7e1ab522a7e55d1e1e6ab8c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
14KB

MD5
554f35af3254a0e62d7cabaacc5389d6

SHA1
ea0d2779c95511c175850ea268cb9b416caf6971

SHA256
61d6eddd557da0985b2deac73a02be66afbb09944274cb310d05d5d11ec56e87

SHA512
3b1c746c9ff69ddfb28c04b7e332c52f855eb8fc62af2b1a8c9eb84772ffef42d17645eee7890e792d5f1ad5dd67c5eb1d578287a9e171a39715988a179c1a5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
2b8746bde570dd3158659a1773633ee7

SHA1
fbf57cd42796fa45b7df406a6e5cb3145e2c82b3

SHA256
48ad199008d76485ac0b53fed0a6fe65db48eba9eabb2b30527639e0b9bcd0db

SHA512
efce98cadf1b161e6dcb1783aa297e7ff37fe01ababcbd9e92114041a9b51ba74766b2ccd2127dd309c0b341f5a73f2a11ea78d8eca4564122a202324688bf74

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-core-util-l1-1-0.dll

Filesize
13KB

MD5
2ec48a39496a2a6f932d14894c436a4d

SHA1
f1d0597561748709741038ac3fd4c2f5d778ce42

SHA256
1250be4dce7b7c8a4fcb4d580e9f350ab9d3f0495c5b5e280566e48e51a7c68e

SHA512
8f12f397aa46079ba7972034407d4da1bcde059fa1d4ce24be90e34bebcbcefa3142af80147d27a3e223235f32a1201effcdfa714fe094853e7600efbe5c4111

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-conio-l1-1-0.dll

Filesize
14KB

MD5
94edc966b39602b5455aeb32352a5d44

SHA1
016e38717d25be0d7ea053922482f95959fc4075

SHA256
e6dc735e6cca1c49361e64331b576b5ec214471ea7c37752e4395b8cc13b5f79

SHA512
117c585e58ec2df6308b9a37a24aa7cdbc923f7bb5f2a51dd87966b685a2dd205209462ae460b307e011d135b0ce4b404b0bca6acc3f8dd5470c190d6e904752

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-convert-l1-1-0.dll

Filesize
17KB

MD5
a4ec5ae1acfde782e1319e8f85313336

SHA1
8585b5da2cbedc354def4c3d550a11e88902857c

SHA256
b51f0835d0b28eeb1e02534bdc58abbcebbd72e8d22573e881279884fcfe6845

SHA512
511721cdc4495308c89f982a1b572993ff6545c4f23dacb92ceb1325d90575996e0531d9f1138e581b61e49278bee890501cd880b35fa6e8dcd0214b297bdd75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-environment-l1-1-0.dll

Filesize
13KB

MD5
1e130c5f44b4a12ab6ba7b680e5feb5b

SHA1
c77a10f3a7016a7920093be60c5c68e47300a8b2

SHA256
1750c184416f124e7560c381dda1aac188bf6f49b01be72b7f9eec67c544aadc

SHA512
07f1a98ec834fc821591a7d95e928302ffd6618f461fb88435329d79979e5727d58c1d33b629198be3cbd7e93c564f30caf4b74a84234dc94273712b9a4dde1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
15KB

MD5
f2b26d86d1be923628d1ace8d3ab1c72

SHA1
0f642c0121aaf6dcc65426fa887a3ecc9cbc161c

SHA256
45d26eb20f70b21f46b5ff19720ad798039c11029c989d6e89ede79972a66ece

SHA512
f205316d42bfacaf612db0d9c4763635d9e58e318802fb539319e476c12b3df823ddd4b133bd31ad7c2ec85d05726d7982dde889eb7afe46a901824487b2b39a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-heap-l1-1-0.dll

Filesize
14KB

MD5
49164c4b82543af482cf365f0ec4d363

SHA1
86c0b103ab52720c171dc70677137f0cddf0cef3

SHA256
e740eadc46972507ad99bafbbddcec35a42cbbed9ec2cacec79486a610d8ec2e

SHA512
bddeb223e1f9499e6e80395e5b447d77476eb868f66c67eb40b76648fb7d1a052a411ab0ee78e28f6a8a057e03726c987a68dbbe3052b19528e65285d4e4d0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-locale-l1-1-0.dll

Filesize
13KB

MD5
7b9f8b2365c80d105a3f345e9ebf8a93

SHA1
1effdc49398be0191a3387dbb2d57861cd4f8fc7

SHA256
15e3f1a679c40b911bd161737e232b28c684d27a8b37339f96f688cebf7e14e0

SHA512
583426eaec11d239f64cfe04049c6bf7cfd09da9f11a6949436c625d7608059138a813d39861a11535568c69cad382c0410778d486b3201da6c87e0323138989

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-math-l1-1-0.dll

Filesize
22KB

MD5
b3fb768b17a2a58a3129f36fc802ad23

SHA1
70294c5db34c3a9359722ed2129e3d28d818dd19

SHA256
0589ea8268b0a3cdef5297bda77e362fd6b5c6bab6b596e92acc11409578a4ed

SHA512
c5103f6f6dfba897442c74f6005f065cfc670e310755f60094f2d703c576b5832f02794439a1fab854448ed13e0991bce26b1e3bb9c74c3b647d41d1013ef875

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-process-l1-1-0.dll

Filesize
14KB

MD5
da37014719870a0280440c283ce0e376

SHA1
82b792a599694f4c4dd8fef2aacc4f674b2c30f9

SHA256
faa56562e161e887c2dabbf2e3ecc4c776a716aed68c67363bed791850b67672

SHA512
844b201068ebdbbde9d1f837cc6be14337f86243bef47f8ff2c6475e232ef9491d1d43a859c18bba77134e2b93ddf96fe64f630a347c87681c82115534d27ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
17KB

MD5
72719d6e3b08c9572741695304d75b63

SHA1
a6a4908d5b6f20eed3af50277440fc979f22aca3

SHA256
0de24bd55a366c90386ad9210f9d3b9b71ed956e54166927929b038a73b4ca70

SHA512
068e6c39c8c5202bbc634817d168bbb26d2108a5192376a1c77bca4baa0c23aae7193d710c20befd5043cdbe8162edf299ba2e48776dc3905f90555b53d98ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
19KB

MD5
51212d82964b75c4a3eda96cfb809fa3

SHA1
07602eca6fcb84ae5df54b5b1bb6309608f07d3d

SHA256
5071fcbc9287dfab415f343c20b43cc1188f2a4a6141f84a2c833c24e0aea09f

SHA512
34fd5b6efa185fffb77a517c03eca6a4cd8b18ad23eb5e0edd6aedf0ca84e81e0bb682f8f5f221f94c8111fca1191c438fd560ccee0536001dea419f5e9e4726

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-string-l1-1-0.dll

Filesize
19KB

MD5
14b536ef29e7d9940c9512fe9f08b6c7

SHA1
51624fa6ef29d8d247b37923edfc4bed615eb7a2

SHA256
8eb49487659606a8ff8b319de13f1ea9d69ff2946f7134d881a6652f34528f79

SHA512
b3a00c36af61650a2155b0b0292bb5815d1f2a15ea49952f819042697dcccadf0dc8ccc1b37f23a271a410bb3c540eb7d38df4ecd356e153055dce28a3c5a450

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-time-l1-1-0.dll

Filesize
15KB

MD5
bc329577fc745cc5df1efdaf4069f6b1

SHA1
0edbf4a3a64fe655b2c877afad19532c9789dd8c

SHA256
03a9135a85b32bc90d3b3307582e6b81c5718de96585d92f06f852ca76171f79

SHA512
e0c9ff6f9097ccbc084d74be7014f264baefb79176052f75ea114e0f9073050789ecd9cfe3b5db750e8b205b46b8e66db74d1bfe57313b9a1d9764af7157ecdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\api-ms-win-crt-utility-l1-1-0.dll

Filesize
13KB

MD5
7c0d9adb6f7bafbc9f358808a1bd0bc2

SHA1
7bdbeb49eb14e1d01bc667974eafb8b9e1a42e35

SHA256
5f6bc1b33b538f0d1a23c8525175163cf3bce0f45ea1444dc31f2889a99ce2ea

SHA512
474aac1bf2d07f6cd28ddf5fbfdd605ec702dd3ceec12166ef98cb1014cc4b048fd04dc3eaa84de1d5b03dfa6285cf6c32a25bcc13b9c0916e2c3e2347667bd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\base_library.zip

Filesize
1.3MB

MD5
630153ac2b37b16b8c5b0dbb69a3b9d6

SHA1
f901cd701fe081489b45d18157b4a15c83943d9d

SHA256
ec4e6b8e9f6f1f4b525af72d3a6827807c7a81978cb03db5767028ebea283be2

SHA512
7e3a434c8df80d32e66036d831cbd6661641c0898bd0838a07038b460261bf25b72a626def06d0faa692caf64412ca699b1fa7a848fe9d969756e097cba39e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\libcrypto-3.dll

Filesize
1.8MB

MD5
f89097ee84741723b6544df73e652471

SHA1
d63626fc94771cacc3fc473c049e6fc12c6d316b

SHA256
4d5dee9b20aef1a8136c3aebcdd8bbb3bc6b0fd2cadd9f5d2875bab0cf4810fa

SHA512
d3e3e0a8582fe39613ed22e217a8dca3c5c7487a2b47b8d93784b8c6a506484895de8ee03ce8d2057cd5e033368cce15e6e0037031b363e4a687f774cb4346d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\pyexpat.pyd

Filesize
194KB

MD5
f179c9bdd86a2a218a5bf9f0f1cf6cd9

SHA1
4544fb23d56cc76338e7f71f12f58c5fe89d0d76

SHA256
c42874e2cf034fb5034f0be35f7592b8a96e8903218da42e6650c504a85b37cc

SHA512
3464ece5c6a0e95ef6136897b70a96c69e552d28bfedd266f13eec840e36ec2286a1fb8973b212317de6fe3e93d7d7cc782eb6fc3d6a2a8f006b34f6443498de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\python312.dll

Filesize
3.0MB

MD5
1a997fe0cfa7aeb9c9bffa336d0bf05c

SHA1
cde689aeee16743ef58628512ca0780932dac079

SHA256
acb1abdbfdfb165e7a674abb2fecb43735ab076960f111636fced3108c5e272a

SHA512
a39082539fee794249bc70fdda73512b854df99f1737f1a84a929817670af7e415a62b97a8cadb9e4032403891c8cb07d73543f2f2d4c24b80b3a8397e2effce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\python312.dll

Filesize
1.9MB

MD5
ffcd42afa1fb54646786d5dc5e2c8700

SHA1
608ea55c8544eea014e41c42248e2cf5b34cf32a

SHA256
49b8ae0486afd679ba923123e287ec029ab3cb1628c5142543fdd106b57251cb

SHA512
c3a5714d13746319d91ec79ea21ab551cf0b66f2ee173f271ec0d13d88038d233edd51bada54fd78295081bb61bd69067bac3a256ee2728ddf18f400b98b3b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\select.pyd

Filesize
29KB

MD5
8a273f518973801f3c63d92ad726ec03

SHA1
069fc26b9bd0f6ea3f9b3821ad7c812fd94b021f

SHA256
af358285a7450de6e2e5e7ff074f964d6a257fb41d9eb750146e03c7dda503ca

SHA512
7fedae0573ecb3946ede7d0b809a98acad3d4c95d6c531a40e51a31bdb035badc9f416d8aaa26463784ff2c5e7a0cc2c793d62b5fdb2b8e9fad357f93d3a65f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\sqlite3.dll

Filesize
1.3MB

MD5
b11d954c24a1c24a9ab2706447fd7249

SHA1
c55b6a33f39fff680349cda40291a515d7475895

SHA256
1506a0f3ed82ff5c3f629df9b6532e6e95b304a88a3588eeaae700a19e7e34ce

SHA512
a52a939de63b569043f5e793ae6bae6eb6beeef93693f5d3b99ae5e2fda6ba9e359b6e619e905aea570114b24764daca1c8bfec134789b5bcbbcd696aa0ee8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\ucrtbase.dll

Filesize
987KB

MD5
6d937b4dced2b6f8f8ca694edbee5cc4

SHA1
4da06634e690c6f3fbcb657d4786964357925e07

SHA256
878816948a27a2409a2a3ab9367e28d72d03ced0ebb70b84cff66f764e5cc2e2

SHA512
35ce260501926746f13725ea1b01138eb56123a67b62e24041a1b71f58d999b283e74dfb0b740ae33c163e8089b0fa340ab747ead1a03d7edb14be2694cea7fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25162\unicodedata.pyd

Filesize
1.1MB

MD5
04f35d7eec1f6b72bab9daf330fd0d6b

SHA1
ecf0c25ba7adf7624109e2720f2b5930cd2dba65

SHA256
be942308d99cc954931fe6f48ed8cc7a57891ccbe99aae728121bcda1fd929ab

SHA512
3da405e4c1371f4b265e744229dcc149491a112a2b7ea8e518d5945f8c259cad15583f25592b35ec8a344e43007ae00da9673822635ee734d32664f65c9c8d9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\crcook.txt

Filesize
29B

MD5
155ea3c94a04ceab8bd7480f9205257d

SHA1
b46bbbb64b3df5322dd81613e7fa14426816b1c1

SHA256
445e2bcecaa0d8d427b87e17e7e53581d172af1b9674cf1a33dbe1014732108b

SHA512
3d47449da7c91fe279217a946d2f86e5d95d396f53b55607ec8aca7e9aa545cfaf9cb97914b643a5d8a91944570f9237e18eecec0f1526735be6ceee45ecba05

Download Submit