Malware Analysis Report

2024-11-30 13:18

Sample ID 240620-vqwhnsycqe
Target AutoClicker-1.0.5.exe
SHA256 36fd0d41bfd64cff5482cbdbc4e2704b078770673ce4f6a689d2b8eb02980bfe
Tags pyinstaller
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256

36fd0d41bfd64cff5482cbdbc4e2704b078770673ce4f6a689d2b8eb02980bfe

Threat Level: Shows suspicious behavior

The file AutoClicker-1.0.5.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Detects Pyinstaller

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-20 17:12

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 17:12

Reported

2024-06-20 17:15

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe

"C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe"

C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe

"C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI17002\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17002\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI17002\python310.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 17:12

Reported

2024-06-20 17:13

Platform

win10v2004-20240611-en

Max time kernel

70s

Max time network

70s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe

"C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe"

C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe

"C:\Users\Admin\AppData\Local\Temp\AutoClicker-1.0.5.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SaveExit.M2TS"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SaveExit.M2TS"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SaveExit.M2TS"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
BE 23.41.178.123:443 www.bing.com tcp
US 8.8.8.8:53 123.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 16.24.18.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI45082\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\python310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI45082\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\libffi-7.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\win32api.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\pywintypes310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\pythoncom310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\PIL\_imaging.cp310-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\MSVCP140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\_tkinter.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk86t.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl86t.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\encoding\cp1252.enc
C:\Users\Admin\AppData\Local\Temp\_MEI45082\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\customtkinter\assets\themes\blue.json
C:\Users\Admin\AppData\Local\Temp\_MEI45082\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\init.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\spinbox.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\scrlbar.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\scale.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\panedwindow.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\menu.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\listbox.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\entry.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\button.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\icons.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\opt0.4\pkgIndex.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\http1.0\pkgIndex.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\pkgIndex.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\package.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl8\8.5\msgcat-1.6.1.tm
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\tm.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tk\tk.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\auto.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI45082\tcl\tclIndex
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini