Malware Analysis Report

2024-11-13 15:24

Sample ID 240619-av3sbszfkc
Target GHUBGEN_[unknowncheats.me]_.zip
SHA256 2e4b6591008858297da12fb587bbe44f48cb77805628fbd7975724c780580bc1
Tags pyinstaller
Score 7/10

Analysis Overview

Score 7/10
SHA256 2e4b6591008858297da12fb587bbe44f48cb77805628fbd7975724c780580bc1

Threat Level: Shows suspicious behavior

The file GHUBGEN_[unknowncheats.me]_.zip was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported 2024-06-19 00:32

Signatures

Detects Pyinstaller

pyinstaller
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral3

Detonation Overview

Submitted 2024-06-19 00:32
Reported 2024-06-19 00:33
Platform win10-20240404-en
Max time kernel 16s
Max time network 17s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted 2024-06-19 00:32
Reported 2024-06-19 00:35
Platform win10-20240611-en
Max time kernel 129s
Max time network 135s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\How To.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\How To.txt"

Network

Country | Destination | Domain | Proto
US | 199.232.210.172:80 | | tcp
US | 199.232.210.172:80 | | tcp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted 2024-06-19 00:32
Reported 2024-06-19 00:35
Platform win10-20240404-en
Max time kernel 134s
Max time network 135s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\base.lua

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\base.lua

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-19 00:32
Reported 2024-06-19 00:35
Platform win10-20240404-en
Max time kernel 134s
Max time network 136s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GHUBGEN_[unknowncheats.me]_.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\GHUBGEN_[unknowncheats.me]_.zip

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-19 00:32
Reported 2024-06-19 00:33
Platform win10-20240404-en
Max time kernel 19s
Max time network 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Gen.exe"

Signatures

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Gen.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Gen.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Gen.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4448 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\Gen.exe | C:\Users\Admin\AppData\Local\Temp\Gen.exe
PID 4448 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\Gen.exe | C:\Users\Admin\AppData\Local\Temp\Gen.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Gen.exe

"C:\Users\Admin\AppData\Local\Temp\Gen.exe"

C:\Users\Admin\AppData\Local\Temp\Gen.exe

"C:\Users\Admin\AppData\Local\Temp\Gen.exe"

Network

N/A

Files
