8a0cd0d9e7eb2ff12107ac3e78acc36e7065a82650b32557ceabb67c86c760ec

Analysis

max time kernel
67s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

colorbot/aimsource.exe
Size

54.8MB
MD5

93e69cc53eb8c3d032f202b011c303cb
SHA1

0cb7b7a76b79d5726b317a6578ea462899dd3fae
SHA256

69cb1f25fbb76e6c9d80f08b51418480f712a471ce2ac67fdb8af82cf53cc1a6
SHA512

741970015d29416a3e9b2506359df346c1ad5e530df8cca050a1870841f5113bc78154ea78b3fa281d123b6545a17381c2725f44e1ec2a4f7eeb54ac9ff9b056
SSDEEP

1572864:CMFP/V4f6Gj53ikjt4jRq2GqFOPV5Yi22qHWB75iUHS5n:zt/VG6RmtCRlGPrw2qHO5in

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 33 IoCs

pid	Process
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe
2908	aimsource.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
16	raw.githubusercontent.com
25	discord.com
26	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{01490FEC-254E-4691-B6EA-633DCA2B8815}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
456	msedge.exe
456	msedge.exe
432	msedge.exe
432	msedge.exe
364	identity_helper.exe
364	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2908	aimsource.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2908	2020	aimsource.exe	87
PID 2020 wrote to memory of 2908	2020	aimsource.exe	87
PID 2908 wrote to memory of 3216	2908	aimsource.exe	88
PID 2908 wrote to memory of 3216	2908	aimsource.exe	88
PID 2908 wrote to memory of 456	2908	aimsource.exe	91
PID 2908 wrote to memory of 456	2908	aimsource.exe	91
PID 456 wrote to memory of 3204	456	msedge.exe	92
PID 456 wrote to memory of 3204	456	msedge.exe	92
PID 2908 wrote to memory of 1828	2908	aimsource.exe	93
PID 2908 wrote to memory of 1828	2908	aimsource.exe	93
PID 2908 wrote to memory of 1484	2908	aimsource.exe	94
PID 2908 wrote to memory of 1484	2908	aimsource.exe	94
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 5060	456	msedge.exe	96
PID 456 wrote to memory of 4116	456	msedge.exe	97
PID 456 wrote to memory of 4116	456	msedge.exe	97
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98
PID 456 wrote to memory of 4068	456	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe
"C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe
  "C:\Users\Admin\AppData\Local\Temp\colorbot\aimsource.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/nDREsRUj9V
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd58fd46f8,0x7ffd58fd4708,0x7ffd58fd4718
      4⤵
      PID:3204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
      4⤵
      PID:5060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
      4⤵
      PID:4068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
      4⤵
      PID:2300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
      4⤵
      PID:1604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 /prefetch:8
      4⤵
      PID:2372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4604 /prefetch:8
      4⤵
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
      4⤵
      PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
      4⤵
      PID:1604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
      4⤵
      PID:2528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
      4⤵
      PID:3396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,4014571770071387667,8753162031416614141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
      4⤵
      PID:1060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title Colorbot
    3⤵
    PID:1828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
f29b9918077defceb5a69b52590d5001

SHA1
d78976cf9bbdb8a9f6c12523798cb94efdd59361

SHA256
474c53e40b151fd4cb51472e7531d15fcb882955982ff6a148ad9c228c1e2fe0

SHA512
8e478f40c38ba64b95ffc73f91b1cae0ad496ea8f6278b77dfe3f6107cde8dca5b9a972eb01862b7e103076c9dbf4fe85db287c422b8779490e32e6dc69d5292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a715fa1a174acc4c89b1951f13ec1e4

SHA1
6607ac43e7c8cf2e7f63602a53212797b970c0bb

SHA256
6161daafe2921338a0df5858c87bdd59cf1d85f0bb12ff28545381e77e15cd6d

SHA512
dbbf7f164fdf63d8e4ff01c4a7ae9ce285854833410831597c5cdb9c3fde01b093ccb712aa8ee7a5c0351140d0934f7b30411d0a34340cc97deaacdcd5e4fa89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af90f5e443aebba72f6ea5add33a492a

SHA1
53622f4c23f59470c8527e2771b5dcdc1e132751

SHA256
1939bd342d0f409ef9b05f3d80fec30f119e99aa19f72c969020b56a8522fedc

SHA512
1c2227940bedb5d24dcffdfeaf17a4c29fed17ee3c3ec58213bb0770bc53b54c72378e8914499a68b49e10cff43c9f751ac4cb0406c4b45f8f28d2094df62d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc83ec37c61898788020bb1b0af21fb5

SHA1
16ed6b5551c2a92c33563cb13b36b1569b32b84e

SHA256
df737b394be19afae3ece5670f0a92124b938654ba0209c9d3e1ba80e488c26b

SHA512
ed3a303fc74cb49bf11b2dbcc55a57908253dfbf1eca86bc80c06228278b942eb4df98d311db249a3a92abc1961f25d5b7f1f50b3659b082ab7d93e7727249f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\VCRUNTIME140_1.dll

Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_asyncio.pyd

Filesize
64KB

MD5
c39fa3d657d1376e002901314c94e77f

SHA1
c2d4e593bf574b0cb10970d44fbd3edd1a39a3aa

SHA256
fbde7fb72842c392bd9282ddb65bb786fbc12d01aabf3dbce83ab2f7565f2964

SHA512
88f35ef78e513c71615af09efa9772f6f9ecaeece8ca8eaa99c591ffdb7e4af7bb181e89c3ccffd1538766b64e440017431c664b40a0b8766c3e6120cfa626fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_bz2.pyd

Filesize
85KB

MD5
c013236b137b64ff2f30dc0c2af56084

SHA1
3d600c348794b3116c0d3230a40672be350142f7

SHA256
c435022d2cc868e26cde10e7749862ee8a177fced3289d49c3bc33af0c949d3f

SHA512
8fc14cafc32331af3f04257ea38d562d419c2c8c89ccaa8ace51593e708ec9cb27d9e1bd241bc717f929bd2d8c68aa78824af6b5adf1bde0e25812ec4de15852

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_ctypes.pyd

Filesize
124KB

MD5
22cf43eaca1f0745896ccd7e8910f9e4

SHA1
3df4d9f7386a044943fdcea6665acc0a13ed9fce

SHA256
aaf9f6487b618aeb15dfe7d77b3f0d58185718fd68631323e56392ddef1d000f

SHA512
2e6d1cfabda0f617cd3acef0a9255e4c56868e66a7545a36f2da441ea27a40a45450887a48e0164a542fec1d6ae59f2933c2b6d95a4ea5cf4d2c249a3e886e10

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_decimal.pyd

Filesize
264KB

MD5
ea868d77edd4fa3281048fdd45d5cdf4

SHA1
e2617e46596a437e96f259a0d46323ff392eb6c9

SHA256
a3b5f473bdf602442444de670b30d768e202b268209774d40c172eba4e226624

SHA512
3568c1d3831cbcdee5b8e2fb35833e794b82ea23762bdedee579591235ba3ef28747dcbf8cf35d802ba936570da0a956b80f3913cc9fd5273d9068ae0610f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_hashlib.pyd

Filesize
63KB

MD5
96bdc361b3127f01eefbf0b54dc2813a

SHA1
f5900e228f6ccd1fe44a99a23cd27e6a71d2d88b

SHA256
95760d2f49b695cb0dc03720e2cdce34d1215285023f2bb7690f268e434c7871

SHA512
6a9a481d130eef5a98b5d2b40ddca1d7aa83d7abb255368f3fdca85c395b0cd0711765143a6ec8f14696599cfd4876375449272f013969a59e7f26618a730b36

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_lzma.pyd

Filesize
159KB

MD5
ecd60b380b7875d2521739e7acf365fc

SHA1
487ffde1f1a31f321a87658d22a1763624600304

SHA256
1dcb9689a2a3eb1c2554caec217d4f6a10cf677701bcb6f762d6cc2111d14c4a

SHA512
37db64611f7098c08089b17a88db638ec329fa2b652689a3a7509566110afe8eca3ac5e047530d628503d713e15584ad376631576fa9d3e9efb4a1ca0c3c1709

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_multiprocessing.pyd

Filesize
30KB

MD5
484a580ca0398ae225eefe012738687e

SHA1
e1dfe5f2da99e890290fee74e9332697f5b80ce5

SHA256
cb1f313de6b1c6f152091b5044554c453de6378dc2eac17171ba4a262e30711f

SHA512
62ce6cc12b8a35ad3f7e83f71667e0290db5dbc66ded78fccfb2c2dedcf09d733489d779f892718f78746d0551a13a71687f07a42bef0cf45b9fa4dd0504943e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_overlapped.pyd

Filesize
45KB

MD5
565a3f09c8372725cb22ee89df38cb6e

SHA1
5f362a65096d1d3f000ebf08653dff328c154a44

SHA256
0b561d24933409fe061cb924739f7a677c7153ae66cd7dc242ef1ffbe334274c

SHA512
f09e9813a1676167dff38430aaf7e7d689d5271874147bb3dde5d4c66dbd3e417f24df065b74c721d31ff0c859da6487878e1fea95d26bd62a221e684d72e178

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_queue.pyd

Filesize
29KB

MD5
aac0035f5b5868a3e92df59f19e00773

SHA1
b3215c188385010af8519af0a66b9075644c4760

SHA256
1ff1c01be25fd6797b263474c1c8df45107796a7e4d465e32a908d572d647b64

SHA512
a65975f3a1af79653a728aea801bc79de2274efcb5965f6433856c80f5584d16b46e339268068a3d5ca93216f0f3d81c7e79ac5a4eef2928dfeae0ed156d0b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_socket.pyd

Filesize
78KB

MD5
ac90b2535025c3d2d88632591b619b73

SHA1
eee7a2803412a7bb362bd64cba378cfb5808d42b

SHA256
ed1d6e0aa8237e491dde3c3fdfa6f4df35585eadf4716473f98aa86aa0a910d9

SHA512
5fa573e3e2f712925cfc48ec5809493ef43db5c6694d2e244bebe6b9d2ceecfa5979619730321fd2a88ad59bbd5eb2b70672045e5062748ecd53fd216d116202

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\_ssl.pyd

Filesize
152KB

MD5
e7d8bbca8b419f220c8cd81b285cb4ae

SHA1
c83d4e44704d46ddafb186526666bcf37aa927ea

SHA256
5e54983cb975784a358b2a02738d9db1296e0ab7aee1503277d3fdd8cf43e41c

SHA512
628107783757d52efdedd0a13ecbc9ef4c6422916104716c7dcb62bcb5beb735ca30ff990dee2916f752c4a643438c464cd6f5fb63c1366060a8b9ec52c45dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\base_library.zip

Filesize
828KB

MD5
73f8d61df85d3de5e66fa75499eb528a

SHA1
51ea08db8c3a4a36e7a83b7f2e2518d9cecf066a

SHA256
4f200ebb2c5fc088feb3b63b4a3e598aacaab70e7ac318ede54343a5d65ac01e

SHA512
72f19ebcd336a5358b4d32271881ce66542651c492fe94b4027a46927c4a2bfb00796a4f2bbb6fa924a943ca1cc51d82febf4ecd0b0caa978932e3b468703490

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\cv2\__init__.py

Filesize
6KB

MD5
eab99b31f1fd18e46e6e081ba3b5c06e

SHA1
9ca76b1097d58ef9c652aebfbeff32bfec17b25b

SHA256
b05b8000c71987cd4df824c1ed134b7fcd34617665e437b1aaec128f93d7f1c3

SHA512
7c4ea4a28f7876249b503155187bd59bcd9cf18a80264c8892e59e9fd7f3d461c91afc4c3c177dba48e1dfdd0feb5705b54b504f7daa886a2a0b72fddd1e80fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\keybinds.py

Filesize
4KB

MD5
ba6b93f22777b6c4794bb439cd839362

SHA1
7a02b68c839c53daff04255ee92db415e9034c66

SHA256
bc9548e307afd456096da0291bde060f01f2684794ed4c4af8449341dc02ee6d

SHA512
7cd85465675025e30c35e0d8b850891a31b23114bfa4fb3b75a5ee6d405916de299f92c9d22fbad67dfd5e7aea45545d64b685f7e0824e4b84839e010e7d510b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\libcrypto-1_1.dll

Filesize
3.3MB

MD5
63c756d74c729d6d24da2b8ef596a391

SHA1
7610bb1cbf7a7fdb2246be55d8601af5f1e28a00

SHA256
17d0f4c13c213d261427ee186545b13ef0c67a99fe7ad12cd4d7c9ec83034ac8

SHA512
d9cf045bb1b6379dd44f49405cb34acf8570aed88b684d0ab83af571d43a0d8df46d43460d3229098bd767dd6e0ef1d8d48bc90b9040a43b5469cef7177416a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\libssl-1_1.dll

Filesize
681KB

MD5
86556da811797c5e168135360acac6f2

SHA1
42d868fc25c490db60030ef77fba768374e7fe03

SHA256
a594fc6fa4851b3095279f6dc668272ee975e7e03b850da4945f49578abe48cb

SHA512
4ba4d6bfff563a3f9c139393da05321db160f5ae8340e17b82f46bcaf30cbcc828b2fc4a4f86080e4826f0048355118ef21a533def5e4c9d2496b98951344690

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll

Filesize
36.4MB

MD5
5e46c3d334c90c3029eb6ae2a3fe58f2

SHA1
ad3d806f720289ccb90ce8bfd0da49fa99e7777b

SHA256
57b87772bf676b5c2d718c79dddc9f039d79ec3319fee1398cc305adff7b69e5

SHA512
4bd29d19b619076a64a928f3871edcce8416bcf100c1aa1250932479d6536d9497f2f9a2668c90b3479d0d4ab4234ffa06f81bc6b107fad1be5097fa2b60ab28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\core\_multiarray_tests.cp39-win_amd64.pyd

Filesize
63KB

MD5
46a229f9c54c0f0211325dcc3826aca9

SHA1
e746610ba4dad9cc9e731655104fa5b017ced543

SHA256
7dff04e2a5bf5ea15535b897db792bf3b7ad1591fea919c15b4e9dbd4c5f67c6

SHA512
21dcb83213802082fd266e7634dfe5933def4bdf964b32c8769b75063af763d9db0000b7ed34327d9d3b46572bde70492d6000e2380849436878f37646bc2bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\core\_multiarray_umath.cp39-win_amd64.pyd

Filesize
2.7MB

MD5
f5604fe675f54e081a2e522461371670

SHA1
5430bd0fe7ab9abab2ba657a603485a105c325d4

SHA256
174fa7b850775f0224764bb754d4c0ca5515885480aac14a08a2ea8c305aac16

SHA512
584c7f8510384e8095afc3008a84da38fc3ada4de4e8cbf14f1a6eb83b2180edbae1353a8bcc249dc89f6c5516c84b1ea8dd5f8fc8ac91bbf95628f4077837b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\fft\_pocketfft_internal.cp39-win_amd64.pyd

Filesize
107KB

MD5
715be8257d3d4717f0fccd54b04e8563

SHA1
988f23ad08647713a1c7d08eb55d00bf35d9e647

SHA256
2f2049f9ee05aecdfc59be6ef059c5f97b2b6bdebe5e27fdd431ad67f788d8d7

SHA512
5973a365c5c8ed35f1aa5ccd06fb2a346092c8d97544fd31ca80c7f9f1b2c0c057f5661c676e69d50a2609b1dc5b98344d16fa2f6a24fb1ca8fc76c553b5fb4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\linalg\_umath_linalg.cp39-win_amd64.pyd

Filesize
104KB

MD5
db7697c1626d30e98eabf9822fb8a088

SHA1
35aae7bb6f45546006d9eeb6b482fc115b8cbc2f

SHA256
3327e82005d1259bbece28122c75a4e83bb508ee0cd62114adc285f21ae89365

SHA512
bc4b9a0114bac52f19ca3ba1261b1a95553fe21899aaf51f0d63d4383eef8fd8979f8ab697d384117d170a2eec4d75aa8ba6aa313d82a3875c32f2b00a0f820d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\_bounded_integers.cp39-win_amd64.pyd

Filesize
251KB

MD5
bdd5db8721c48df94b9d7211f8acc5f8

SHA1
314da2c2978f43840f641fd6274177e4b0af9047

SHA256
1d5c98f95abc2c87533237b1200e14539b7c5d8f1bf90870c15cfc00d51097ff

SHA512
29874cda6595bd908c54a67c43bb8ad7b0d17ba1895650605d42b580a573395bfd4bf49453396ae131f192d2ab92627cf67667be19573fa6d79a39401c173033

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\_common.cp39-win_amd64.pyd

Filesize
170KB

MD5
075b073473a9529d0dbc2cbac637ce09

SHA1
903e1768a7a943a4fcfc122dc903f21ecd86c0e3

SHA256
48bf0e11f32dc18d4ae4bba02f952a21a167573326ae6da1a87dddd9349ec86c

SHA512
a8c2fb6e976ec26a11d5e2e1d23f1df59ffb71b7f5ae3983382ccee9bf256622c5ff27938fb5db4780e5be26f4ee2c749ffb8da594c84990581a54d4b68d961d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\_generator.cp39-win_amd64.pyd

Filesize
678KB

MD5
f193fdafa9db9a528b12edad61cc6e00

SHA1
8a9c7e78035f864102a3d84886d107539b3baefc

SHA256
99f57f0ec077f5cf3aef47aa2ef5291964f74be5d73851f63c7fd15b87c31cbe

SHA512
a8e317a120481d84d123283d68ed25b181e3baf5708a90c1980b53444419da30a305122b817a3a05ec5305676010884c54dca4103b82b4ca91d0eb83f38d724d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\_mt19937.cp39-win_amd64.pyd

Filesize
75KB

MD5
b15e49985a36102a282f4655d2115de2

SHA1
5cc2bf51e40738dabdfff5384c44398101777dca

SHA256
b7b81ef1df9952651c3473fd7d640d79b0524192050ae9bb8e2ab71e8eed3212

SHA512
30a1bc3d4fa27a5fda2fc4dde71f9a545a690bad1fd66c417c13e48918597f0e0daca88ca4a301b11457ca47746851fb70d2635c67722777baac0505ddcec864

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\_pcg64.cp39-win_amd64.pyd

Filesize
82KB

MD5
c2a8002bf0aa62e0bfe0f1e938a12ef6

SHA1
ad15a572d51f628757f227f881e004052a93a193

SHA256
c67705d6d3843a3656a8cd6eedac62c2b4209d3f801a92f3b2b5000a75600b8a

SHA512
b3fbd58cae741c00a14ad630ffacda5fa9f74bf6e558a7e8ecdd7418a131f7f615220db042bb55939e7cf754fa9cb6ad4ca19f8b7da39fd64f507b22e90d5907

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\_philox.cp39-win_amd64.pyd

Filesize
69KB

MD5
18e0b9676b9724a3931491828966beb2

SHA1
0c8846dfdb2900268009042dd53dff90570096d0

SHA256
73e35656e4e26137f771fddadb1b7a806fa8399bfa8abb66b63e1a9ede809d18

SHA512
5e4dcba88657bc099ac6bd43c46fbd88aef42e8f7ec3698cfb8334ffc46e5f12d0b74b2e8b00297a8f2fb943accf123debbea384cb4da8cedaa3c764de86b49e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\_sfc64.cp39-win_amd64.pyd

Filesize
50KB

MD5
eeecd86be89a4944a7fc0569f31a48ec

SHA1
572f70eca1fb29d9b12cc4bb3278309d0dd3aabc

SHA256
5f778438d9bfc32b4ad3cb0ef7182af098504a081aa5e17db077cf424dae8d42

SHA512
3f3566734d6bd057231253b026b41dc3ae8f6ea579ee54a58c18d1ad66f8cddbc3785c3a234ffa5f5cb9d3e1ca4efad1cb8b9728c4e3473dace0f00b68033d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\bit_generator.cp39-win_amd64.pyd

Filesize
160KB

MD5
b2879af0ec91b94458e85c03c441cd14

SHA1
d8431b9e52277dd768666a7a20e4c5217362a980

SHA256
8b7b29f63f051f93ab7be369e7fd22cab1385e3aaa83d7beb3267df4f39154ab

SHA512
3dbce2b102e2a7ad62881ff24d2446ab25dc760bd5c1af8ee8780d08a94270d55b5754d99fcea1e5fbf885d3789a7983177e91ba132edffb38274b6f45298247

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\numpy\random\mtrand.cp39-win_amd64.pyd

Filesize
583KB

MD5
12c6aab00309d50d5ff5e7b6877f83d6

SHA1
d53b321b496ff637643570a948a7238a3098be9c

SHA256
f2206738b19668bc5718d0e684890ab9a6d420aac35d5c784d4cc35a6d520493

SHA512
564e75b86af8ed3fccec51f85ad5442b5b68ee70393126a61f0ff174d1d0165e427e413f8b02724dcf748a4bdfa3f1b58a5d1fbf2adbd066be690471daa10673

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\pyexpat.pyd

Filesize
199KB

MD5
34ea1b1c7d3a9effda3a485d21abade3

SHA1
6fb594c0c73e02b5f89b019f188c4ca69ba5dcb1

SHA256
215614c89aed025166d3434252bd914ea2ac5af0762d2dd01ed4f4966d9ed711

SHA512
8874be2826e0d3a94e9fb400438bf9b0197ff47eff4e7af3a643934c6e56905b658acf23fbf088be0926700723bce62125c418ca927d41c2935bdff8b3ca912c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\python3.dll

Filesize
58KB

MD5
2ddd2ee635db86575c416f075c41ac8c

SHA1
99d03f524823059066995181ba21be29d90f2488

SHA256
be0b573bc6f005235354c246e1f9f626793687f50ad632feb2e767398f414fe3

SHA512
b84d4b3ca1298897cfafe195394ec6fdb51ed42ce0ca9ea0ab60dc2a8c31b2c865c4cc4fe0df3ffe1c813d21ca6013661e0cb83a91614472c7f6e3a7c78c1f06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\python39.dll

Filesize
4.3MB

MD5
5871ae2a45d675ed9dd077c400018c30

SHA1
ddc03af9d433c3dfad8a193c50695139c59b4b58

SHA256
5d0ff879174faec03eb173eb2088f2e7519f4663dd6bfe5b817ec602c389ae20

SHA512
d87a90dbf42c528bc3fa038eb83d4318d2e8577a590bf9c84641c573b5b2fea83aac91bb108968252e07497424ed85f519a864e955f94a7f8e87bfc38e0f4b7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\select.pyd

Filesize
28KB

MD5
0906200f02e2ee5eb3da08a64f10a69e

SHA1
5afcb2cc53a6d8ca85d1fe51389632b8b84d5194

SHA256
fb4fa3aed7a7955d4f78a3fbc2a6e6e1ab8d9e3768bb8b3f3a85866d1f2d74d5

SHA512
b69e9f7fdd77f776acd056cc8a2d8b34da76e1f30a50117b9aa6bf467a9ce7178407fc6b5e2126c0eea6f995ffa8ae94f92e0632c566fc39bab29ff278193cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20202\unicodedata.pyd

Filesize
1.1MB

MD5
814d6938da8e46d79b64326aa967a1a0

SHA1
6d020c9ca51d7d4e77c197f5394d7e157482cea3

SHA256
4059acb95b05b4536c983ebd232dc5aec00828914e61f31674b0fdf41656deb6

SHA512
f286b6e813bcd3ee9aad25f804689e3e8bbe13a41bb5715e49bcc1dc7ccae2f0c7595dbaabad806fea65825952e5e31d32ac9b31e583bf4b7cdf716ae6fa08d1

Download Submit
memory/2908-221-0x00007FFD598F0000-0x00007FFD5B9A6000-memory.dmp

Filesize
32.7MB

Download