Analysis

  • max time kernel
    37s
  • max time network
    37s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    19-06-2024 12:59

General

  • Target

    koboldcpp_nocuda.exe

  • Size

    59.4MB

  • MD5

    2eff137b9219cfc3da85d0199218db31

  • SHA1

    4e5833520445509e30eb68b5d9fcd5f0f60eec43

  • SHA256

    31d4e85544a71ea3faa456b21c3bb984446d917e24a2240e36bae38c8a2947e3

  • SHA512

    07a9e6551afa915b2a78b40a33f64b4f88195d9eef7872f68ea2ed2c23f3dcaa5f580488047083e84137c192cde34e2ca9cfb2779d1b745494dc6203bb329d22

  • SSDEEP

    786432:j2FxCEDfO9R/kDNSwqEa6tN3aXn0Dmg6mc+FXr0WjESbyKHb/DbDtgcHj+AQZDnJ:CFxCZ9RoQyaw60PDFXR9/zyAq/e1+Th

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 23 IoCs
  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\koboldcpp_nocuda.exe
    "C:\Users\Admin\AppData\Local\Temp\koboldcpp_nocuda.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:612
    • C:\Users\Admin\AppData\Local\Temp\koboldcpp_nocuda.exe
      "C:\Users\Admin\AppData\Local\Temp\koboldcpp_nocuda.exe"
      2⤵
      • Checks computer location settings
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5036
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c "ver"
        3⤵
          PID:2284
        • C:\Users\Admin\AppData\Local\Temp\_MEI6122\winclinfo.exe
          C:\Users\Admin\AppData\Local\Temp\_MEI6122\winclinfo.exe --json
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2280
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4676
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:4664
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4688
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4748
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:4760
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4744
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:2948
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5080
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:660

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TABYYGGX\favicon[1].png

      Filesize

      958B

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

      Filesize

      512KB

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF554664BFBB3F2E0A.TMP

      Filesize

      16KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\_asyncio.pyd

      Filesize

      63KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\_bz2.pyd

      Filesize

      85KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\_ctypes.pyd

      Filesize

      124KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\_socket.pyd

      Filesize

      78KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\base_library.zip

      Filesize

      1008KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\customtkinter\assets\themes\blue.json

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_clblast.dll

      Filesize

      6.3MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_clblast_noavx2.dll

      Filesize

      6.4MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_default.dll

      Filesize

      6.1MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_failsafe.dll

      Filesize

      6.2MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_noavx2.dll

      Filesize

      6.2MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_openblas.dll

      Filesize

      6.1MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_vulkan.dll

      Filesize

      8.1MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\koboldcpp_vulkan_noavx2.dll

      Filesize

      8.2MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\libcrypto-1_1.dll

      Filesize

      3.2MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\pyinstaller-5.11.0.dist-info\INSTALLER

      Filesize

      4B

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\python3.DLL

      Filesize

      58KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\python38.dll

      Filesize

      4.0MB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl8\8.5\msgcat-1.6.1.tm

      Filesize

      33KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\auto.tcl

      Filesize

      20KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\encoding\cp1252.enc

      Filesize

      1KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\http1.0\pkgIndex.tcl

      Filesize

      735B

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\init.tcl

      Filesize

      23KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\opt0.4\pkgIndex.tcl

      Filesize

      607B

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\package.tcl

      Filesize

      22KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\tclIndex

      Filesize

      5KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tcl\tm.tcl

      Filesize

      11KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tk\button.tcl

      Filesize

      20KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tk\icons.tcl

      Filesize

      10KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tk\pkgIndex.tcl

      Filesize

      363B

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\tk\tk.tcl

      Filesize

      22KB

    • C:\Users\Admin\AppData\Local\Temp\_MEI6122\ucrtbase.dll

      Filesize

      987KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\VCRUNTIME140.dll

      Filesize

      93KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\_lzma.pyd

      Filesize

      159KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\_overlapped.pyd

      Filesize

      45KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\_queue.pyd

      Filesize

      28KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\_ssl.pyd

      Filesize

      152KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\_tkinter.pyd

      Filesize

      64KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\libffi-7.dll

      Filesize

      32KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\libssl-1_1.dll

      Filesize

      674KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\pyexpat.pyd

      Filesize

      187KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\select.pyd

      Filesize

      27KB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\tcl86t.dll

      Filesize

      1.6MB

    • \Users\Admin\AppData\Local\Temp\_MEI6122\tk86t.dll

      Filesize

      1.4MB
