829d348eb2637386211bfe31b9ce1cca1c545e3a18a60bf20513a969fe97596b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gasai_cracked/launcher.exe
Size

4.9MB
MD5

05bc8e2e0473d2bcb2d959d5ecde2d37
SHA1

555f073467bbc064db4049d3ea6be5221d601d72
SHA256

1e13949291b38b35ff7ae80f701ca50753e47472c3667470a82a5206ad6d9801
SHA512

645297f215c4734acbb8d580f9be220cd42a8a7d9bcf3f08b149cbd1e4f867c06252f44915317052ee66599de7401def0f8477eae40973e680c247bc4293c88e
SSDEEP

98304:YKRGpvYMi4MIMPgQesZCWV9yfmYGefQBZaLHNjj5YdRBuwo:YIiv9iqMPzyHGef0SB5Y1

Score

9^/10

evasion themida

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Gasai.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Gasai.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Gasai.exe

Executes dropped EXE 1 IoCs

pid	Process
3772	launcher.exe

Loads dropped DLL 64 IoCs

pid	Process
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe
2028	Gasai.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral16/memory/2028-4007-0x00007FFD3CF70000-0x00007FFD3D7AB000-memory.dmp	themida

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2028	Gasai.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe
3772	launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3772	launcher.exe
Token: SeDebugPrivilege	2028	Gasai.exe
Token: SeShutdownPrivilege	2028	Gasai.exe
Token: SeIncreaseQuotaPrivilege	8072	WMIC.exe
Token: SeSecurityPrivilege	8072	WMIC.exe
Token: SeTakeOwnershipPrivilege	8072	WMIC.exe
Token: SeLoadDriverPrivilege	8072	WMIC.exe
Token: SeSystemProfilePrivilege	8072	WMIC.exe
Token: SeSystemtimePrivilege	8072	WMIC.exe
Token: SeProfSingleProcessPrivilege	8072	WMIC.exe
Token: SeIncBasePriorityPrivilege	8072	WMIC.exe
Token: SeCreatePagefilePrivilege	8072	WMIC.exe
Token: SeBackupPrivilege	8072	WMIC.exe
Token: SeRestorePrivilege	8072	WMIC.exe
Token: SeShutdownPrivilege	8072	WMIC.exe
Token: SeDebugPrivilege	8072	WMIC.exe
Token: SeSystemEnvironmentPrivilege	8072	WMIC.exe
Token: SeRemoteShutdownPrivilege	8072	WMIC.exe
Token: SeUndockPrivilege	8072	WMIC.exe
Token: SeManageVolumePrivilege	8072	WMIC.exe
Token: 33	8072	WMIC.exe
Token: 34	8072	WMIC.exe
Token: 35	8072	WMIC.exe
Token: 36	8072	WMIC.exe
Token: SeIncreaseQuotaPrivilege	8072	WMIC.exe
Token: SeSecurityPrivilege	8072	WMIC.exe
Token: SeTakeOwnershipPrivilege	8072	WMIC.exe
Token: SeLoadDriverPrivilege	8072	WMIC.exe
Token: SeSystemProfilePrivilege	8072	WMIC.exe
Token: SeSystemtimePrivilege	8072	WMIC.exe
Token: SeProfSingleProcessPrivilege	8072	WMIC.exe
Token: SeIncBasePriorityPrivilege	8072	WMIC.exe
Token: SeCreatePagefilePrivilege	8072	WMIC.exe
Token: SeBackupPrivilege	8072	WMIC.exe
Token: SeRestorePrivilege	8072	WMIC.exe
Token: SeShutdownPrivilege	8072	WMIC.exe
Token: SeDebugPrivilege	8072	WMIC.exe
Token: SeSystemEnvironmentPrivilege	8072	WMIC.exe
Token: SeRemoteShutdownPrivilege	8072	WMIC.exe
Token: SeUndockPrivilege	8072	WMIC.exe
Token: SeManageVolumePrivilege	8072	WMIC.exe
Token: 33	8072	WMIC.exe
Token: 34	8072	WMIC.exe
Token: 35	8072	WMIC.exe
Token: 36	8072	WMIC.exe
Token: SeIncreaseQuotaPrivilege	8152	WMIC.exe
Token: SeSecurityPrivilege	8152	WMIC.exe
Token: SeTakeOwnershipPrivilege	8152	WMIC.exe
Token: SeLoadDriverPrivilege	8152	WMIC.exe
Token: SeSystemProfilePrivilege	8152	WMIC.exe
Token: SeSystemtimePrivilege	8152	WMIC.exe
Token: SeProfSingleProcessPrivilege	8152	WMIC.exe
Token: SeIncBasePriorityPrivilege	8152	WMIC.exe
Token: SeCreatePagefilePrivilege	8152	WMIC.exe
Token: SeBackupPrivilege	8152	WMIC.exe
Token: SeRestorePrivilege	8152	WMIC.exe
Token: SeShutdownPrivilege	8152	WMIC.exe
Token: SeDebugPrivilege	8152	WMIC.exe
Token: SeSystemEnvironmentPrivilege	8152	WMIC.exe
Token: SeRemoteShutdownPrivilege	8152	WMIC.exe
Token: SeUndockPrivilege	8152	WMIC.exe
Token: SeManageVolumePrivilege	8152	WMIC.exe
Token: 33	8152	WMIC.exe
Token: 34	8152	WMIC.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 3772	1548	launcher.exe	85
PID 1548 wrote to memory of 3772	1548	launcher.exe	85
PID 3772 wrote to memory of 4264	3772	launcher.exe	86
PID 3772 wrote to memory of 4264	3772	launcher.exe	86
PID 4264 wrote to memory of 2328	4264	cmd.exe	87
PID 4264 wrote to memory of 2328	4264	cmd.exe	87
PID 2328 wrote to memory of 2028	2328	Gasai.exe	94
PID 2328 wrote to memory of 2028	2328	Gasai.exe	94
PID 2028 wrote to memory of 4964	2028	Gasai.exe	95
PID 2028 wrote to memory of 4964	2028	Gasai.exe	95
PID 3772 wrote to memory of 2028	3772	launcher.exe	94
PID 2028 wrote to memory of 7756	2028	Gasai.exe	98
PID 2028 wrote to memory of 7756	2028	Gasai.exe	98
PID 2028 wrote to memory of 7916	2028	Gasai.exe	99
PID 2028 wrote to memory of 7916	2028	Gasai.exe	99
PID 2028 wrote to memory of 7940	2028	Gasai.exe	100
PID 2028 wrote to memory of 7940	2028	Gasai.exe	100
PID 2028 wrote to memory of 7964	2028	Gasai.exe	101
PID 2028 wrote to memory of 7964	2028	Gasai.exe	101
PID 2028 wrote to memory of 7992	2028	Gasai.exe	102
PID 2028 wrote to memory of 7992	2028	Gasai.exe	102
PID 2028 wrote to memory of 8008	2028	Gasai.exe	103
PID 2028 wrote to memory of 8008	2028	Gasai.exe	103
PID 2028 wrote to memory of 8016	2028	Gasai.exe	104
PID 2028 wrote to memory of 8016	2028	Gasai.exe	104
PID 2028 wrote to memory of 8040	2028	Gasai.exe	105
PID 2028 wrote to memory of 8040	2028	Gasai.exe	105
PID 2028 wrote to memory of 8064	2028	Gasai.exe	106
PID 2028 wrote to memory of 8064	2028	Gasai.exe	106
PID 2028 wrote to memory of 8072	2028	Gasai.exe	107
PID 2028 wrote to memory of 8072	2028	Gasai.exe	107
PID 2028 wrote to memory of 8100	2028	Gasai.exe	108
PID 2028 wrote to memory of 8100	2028	Gasai.exe	108
PID 2028 wrote to memory of 8136	2028	Gasai.exe	109
PID 2028 wrote to memory of 8136	2028	Gasai.exe	109
PID 8136 wrote to memory of 8152	8136	cmd.exe	110
PID 8136 wrote to memory of 8152	8136	cmd.exe	110
PID 2028 wrote to memory of 4568	2028	Gasai.exe	111
PID 2028 wrote to memory of 4568	2028	Gasai.exe	111
PID 2028 wrote to memory of 1532	2028	Gasai.exe	112
PID 2028 wrote to memory of 1532	2028	Gasai.exe	112
PID 2028 wrote to memory of 4320	2028	Gasai.exe	113
PID 2028 wrote to memory of 4320	2028	Gasai.exe	113
PID 2028 wrote to memory of 1120	2028	Gasai.exe	114
PID 2028 wrote to memory of 1120	2028	Gasai.exe	114
PID 2028 wrote to memory of 1268	2028	Gasai.exe	115
PID 2028 wrote to memory of 1268	2028	Gasai.exe	115

C:\Users\Admin\AppData\Local\Temp\gasai_cracked\launcher.exe
"C:\Users\Admin\AppData\Local\Temp\gasai_cracked\launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Users\Admin\AppData\Local\Temp\onefile_1548_133615637299342440\launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\gasai_cracked\launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "start Gasai.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\gasai_cracked\Gasai.exe
      Gasai.exe
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\gasai_cracked\Gasai.exe
        
        Gasai.exe
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Loads dropped DLL
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2028
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:4964
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:7756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title GasaiSB: Starting...
        6⤵
        
        PID:7916
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:7940
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:7964
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title GasaiSB: Checking for updates...
        6⤵
        
        PID:7992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title GasaiSB: Loading config...
        6⤵
        
        PID:8008
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:8016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:8040
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title GasaiSB: Logging in...
        6⤵
        
        PID:8064
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:8100
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c WMIC COMPUTERSYSTEM GET MANUFACTURER
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:8136
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC COMPUTERSYSTEM GET MANUFACTURER
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8152
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        6⤵
        
        PID:4568
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        6⤵
        
        PID:1532
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c title Gasai SB 11.7
        6⤵
        
        PID:4320
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        6⤵
        
        PID:1120
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\MSVCP140.dll

Filesize
576KB

MD5
01b946a2edc5cc166de018dbb754b69c

SHA1
dbe09b7b9ab2d1a61ef63395111d2eb9b04f0a46

SHA256
88f55d86b50b0a7e55e71ad2d8f7552146ba26e927230daf2e26ad3a971973c5

SHA512
65dc3f32faf30e62dfdecb72775df870af4c3a32a0bf576ed1aaae4b16ac6897b62b19e01dc2bf46f46fbe3f475c061f79cbe987eda583fee1817070779860e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\_brotli.cp310-win_amd64.pyd

Filesize
861KB

MD5
6d44fd95c62c6415999ebc01af40574b

SHA1
a5aee5e107d883d1490257c9702913c12b49b22a

SHA256
58bacb135729a70102356c2d110651f1735bf40a602858941e13bdeabfacab4a

SHA512
59b6c07079f979ad4a27ec394eab3fdd2d2d15d106544246fe38f4eb1c9e12672f11d4a8efb5a2a508690ce2677edfac85eb793e2f6a5f8781b258c421119ff3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\_bz2.pyd

Filesize
77KB

MD5
a1fbcfbd82de566a6c99d1a7ab2d8a69

SHA1
3e8ba4c925c07f17c7dffab8fbb7b8b8863cad76

SHA256
0897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095

SHA512
55679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\_ctypes.pyd

Filesize
116KB

MD5
92276f41ff9c856f4dbfa6508614e96c

SHA1
5bc8c3555e3407a3c78385ff2657de3dec55988e

SHA256
9ab1f8cbb50db3d9a00f74447a2275a89ec52d1139fc0a93010e59c412c2c850

SHA512
9df63ef04ea890dd0d38a26ac64a92392cf0a8d0ad77929727238e9e456450518404c1b6bb40844522fca27761c4e864550aacb96e825c4e4b367a59892a09e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\_lzma.pyd

Filesize
150KB

MD5
a6bee109071bbcf24e4d82498d376f82

SHA1
1babacdfaa60e39e21602908047219d111ed8657

SHA256
ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f

SHA512
8cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\_pytransform.dll

Filesize
1.1MB

MD5
015204ced4e0daf03caa866c154681f2

SHA1
82cd7e9482ec30702c22483d81bc2281e025f887

SHA256
c828dfe4845f0ee068afac72f2e894547494af27f49603d569fe664dab71887f

SHA512
4eb94bb14c1466ef254ce9ff305f73b878e1078b893b769be53da837ba971677eda895687cd153001f82ec5041830ba3cfa2bd738df9ed2707f154e8782c7b13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\_socket.pyd

Filesize
73KB

MD5
c5378bac8c03d7ef46305ee8394560f5

SHA1
2aa7bc90c0ec4d21113b8aa6709569d59fadd329

SHA256
130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9

SHA512
1ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\_ssl.pyd

Filesize
152KB

MD5
9d810454bc451ff440ec95de36088909

SHA1
8c890b934a2d84c548a09461ca1e783810f075be

SHA256
5a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7

SHA512
0800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\base_library.zip

Filesize
812KB

MD5
5b2b482b287015240f296c370e6f9e11

SHA1
f824af57523ac8eae77316cc650f2646d03ee955

SHA256
06f91f55b0891c1f5c0bf18e553d73a37fb9b402e74dea30996137361a9a143e

SHA512
233330f66f8e7ce538438679e5f3c5361ebc427f2dc8dfbac52a1cfb7e1eb11f8a80a2b8f8082b9e3705d4465fcf96b4e6597c12553ca00abb1246de7419c229

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\greenlet-1.1.2.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi

Filesize
63B

MD5
84a27291937d76e46b277653002601f2

SHA1
fe60efb40aeeee2998bb07245d4f9571ad08825f

SHA256
ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe

SHA512
e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\libcrypto-1_1.dll

Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\libssl-1_1.dll

Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\pyexpat.pyd

Filesize
189KB

MD5
8b9855e1b442b22984dc07a8c6d9d2ed

SHA1
2e708fbf1344731bca3c603763e409190c019d7f

SHA256
4d0f50757a4d9abe249bd7ebea35243d4897911a72de213ddb6c6945fef49e06

SHA512
59ca1cbc51a0b9857e921e769587b021bc3f157d8680bb8f7d7f99deb90405db92051e9be8891399379d918afc5d8cb36123297d748c5265ae0855613b277809

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\python3.DLL

Filesize
60KB

MD5
0812ee5d8abc0072957e9415ba6e62f2

SHA1
ea05c427e46c5d9470ba81d6b7cbca6838ee0dd5

SHA256
84a29c369560c5175d22ee764fe8ada882ab6b37b6b10c005404153518a344ec

SHA512
18ca5631f2ae957b9ec8eaa7aa87094d3a296548790ced970752625a0f271511e0ce0042a0ea5469a9c362a0d811c530ef6fe41b84c61b25c838466acc37f22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\python310.dll

Filesize
4.2MB

MD5
a1185bef38fdba5e3fe6a71f93a9d142

SHA1
e2b40f5e518ad000002b239a84c153fdc35df4eb

SHA256
8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e

SHA512
cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\pythoncom310.dll

Filesize
543KB

MD5
b7acfad9f0f36e7cf8bfb0dd58360ffe

SHA1
8fa816d403f126f3326cb6c73b83032bb0590107

SHA256
461328c988d4c53f84579fc0880c4a9382e14b0c8b830403100a2fa3df0fd9a9

SHA512
4fed8a9162a9a2ebc113ea44d461fb498f9f586730218d9c1cddcd7c8c803cad6dea0f563b8d7533321ecb25f6153ca7c5777c314e7cb76d159e39e74c72d1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\pywintypes310.dll

Filesize
139KB

MD5
f200ca466bf3b8b56a272460e0ee4abc

SHA1
ca18e04f143424b06e0df8d00d995c2873aa268d

SHA256
a6700ca2bee84c1a051ba4b22c0cde5a6a5d3e35d4764656cfdc64639c2f6b77

SHA512
29bf2425b665af9d2f9fd7795bf2ab012aa96faed9a1a023c86afa0d2036cc6014b48116940fad93b7de1e8f4f93eb709cc9319439d7609b79fd8b92669b377d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\select.pyd

Filesize
25KB

MD5
63ede3c60ee921074647ec0278e6aa45

SHA1
a02c42d3849ad8c03ce60f2fd1797b1901441f26

SHA256
cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5

SHA512
d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\ucrtbase.dll

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23282\win32api.cp310-win_amd64.pyd

Filesize
131KB

MD5
ec7c48ea92d9ff0c32c6d87ee8358bd0

SHA1
a67a417fdb36c84871d0e61bfb1015cb30c9898a

SHA256
a0f3cc0e98bea5a598e0d4367272e4c65bf446f21932dc2a051546b098d6ce62

SHA512
c06e3c0260b918509947a89518d55f0cb03cb19fc28d9e7ed9e3f837d71df31154f0093929446a93a7c7da1293ffd0cc69547e2540f15e3055fe1d12d837f935

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1548_133615637299342440\launcher.exe

Filesize
8.5MB

MD5
ab80bb454abe2469ff40112393b05f4b

SHA1
82e2915d31265cca1505d15d3da6207ac4d5fb11

SHA256
ff6a6da4f79404766a32a5fb6a305b802ff32a5ad43ebb02b29632c52b23e360

SHA512
3fb888386e0903beb413fb453bc0345936bad52d6bdd00edb2fd8553623c37a685fe7e6992eb65edafe8b8d171855e7a6fbd00bd98583495d6b5e75bb325d893

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1548_133615637299342440\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1548_133615637299342440\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1548_133615637299342440\vcruntime140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
\??\c:\users\admin\appdata\local\temp\_mei23282\zope.event-4.5.0.dist-info\namespace_packages.txt

Filesize
5B

MD5
90b425bf5a228d74998925659a5e2ebb

SHA1
d46acb64805e065b682e8342a67c761ece153ea9

SHA256
429507be93b8c08b990de120298f2a642b43fad02e901d1f9ff7fabadce56fdf

SHA512
b0826bebfd6b27c30c5ac7c1bbb86935618dc9e41a893025439bf70b19f46eca1678a210831938e982189ab565d1f69766a8348d65d867b870a73ef05fb54b53

Download Submit
\??\c:\users\admin\appdata\local\temp\_mei23282\zope.interface-5.4.0-py3.10.egg-info\PKG-INFO

Filesize
40KB

MD5
89406d3a5d3eb7e8d187316196aab463

SHA1
03722c34ba5b00ae9e85ee7e7b14a9b65a5dae63

SHA256
f511e8451b17eb7b0ea9b09ebb1ddcdae395694480c2473b430327d455d29cef

SHA512
a0a050524f44b54ffe196ce96d01cae82952311e47ef517f19cb8637b5121156bf22cd0c05a600916eb4f49081b5dc115f054768b5d527f3c6e9820b7e2fed61

Download Submit
memory/2028-3106-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3144-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3103-0x000001B07DF20000-0x000001B07DF21000-memory.dmp

Filesize
4KB

Download
memory/2028-3108-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3122-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3120-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3166-0x000001B07DF40000-0x000001B07DF41000-memory.dmp

Filesize
4KB

Download
memory/2028-3164-0x000001B07DF40000-0x000001B07DF41000-memory.dmp

Filesize
4KB

Download
memory/2028-3162-0x000001B07DF40000-0x000001B07DF41000-memory.dmp

Filesize
4KB

Download
memory/2028-3160-0x000001B07DF40000-0x000001B07DF41000-memory.dmp

Filesize
4KB

Download
memory/2028-3158-0x000001B07DF40000-0x000001B07DF41000-memory.dmp

Filesize
4KB

Download
memory/2028-3156-0x000001B07DF40000-0x000001B07DF41000-memory.dmp

Filesize
4KB

Download
memory/2028-3154-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3152-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3150-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3148-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3146-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3104-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3142-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3140-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3138-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3136-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3134-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3132-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3130-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3128-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3126-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3124-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-4007-0x00007FFD3CF70000-0x00007FFD3D7AB000-memory.dmp

Filesize
8.2MB

Download
memory/2028-3110-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3112-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3114-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3116-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-3118-0x000001B07DF30000-0x000001B07DF31000-memory.dmp

Filesize
4KB

Download
memory/2028-4384-0x00007FFD3CF70000-0x00007FFD3D7AB000-memory.dmp

Filesize
8.2MB

Download