f69a5e869d6f4fd848f9df36d3ba0055eb22b5c28b4e7b87b25601472c0704ba

Analysis

max time kernel
557s
max time network
1161s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2024, 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

venus.exe
Size

103.7MB
MD5

5162dcc21c9799cd6f69a7fba17b21b6
SHA1

ae0e92a7f5aff86cf1cb18c2e272b365cecc0a45
SHA256

0ff9ab22b8115ba20885aca09eb5df210fa2b2ca29c1d9da2bfb52b6a2a7eac8
SHA512

090adf19cb9bf0ae19bf76ba4ab1b3d4e4df30ec97ce2323b9579aa1391b9458ca4faf98f0e8a1effd15bf2394c5a7b2f611257af866de46a0548044d1dff6b4
SSDEEP

3145728:jPgOb8S6xjKcBa6c2qHO5iVIinGQbRe0zJcB8a6qrbZo:jbgSWNa6sHCip1XcB8a6q

Score

8^/10

evasion execution persistence

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5524	powershell.exe
1984	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
2184	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
3100	VenusPanel.exe
5680	VenusPanel.exe

Loads dropped DLL 64 IoCs

pid	Process
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VenusPanel = "C:\\Users\\Admin\\VPplus\\VenusPanel.exe"	venus.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
29	discord.com
30	discord.com
31	discord.com
26	discord.com
27	discord.com
28	discord.com

Kills process with taskkill 1 IoCs

evasion

pid	Process
7308	taskkill.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1204	venus.exe
1204	venus.exe
1204	venus.exe
1204	venus.exe
1984	powershell.exe
1984	powershell.exe
1984	powershell.exe
5680	VenusPanel.exe
5680	VenusPanel.exe
5680	VenusPanel.exe
5680	VenusPanel.exe
5524	powershell.exe
5524	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5680	VenusPanel.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1204	venus.exe
Token: SeDebugPrivilege	1984	powershell.exe
Token: SeDebugPrivilege	7308	taskkill.exe
Token: SeDebugPrivilege	5680	VenusPanel.exe
Token: SeDebugPrivilege	5524	powershell.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5680	VenusPanel.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 1204	1016	venus.exe	90
PID 1016 wrote to memory of 1204	1016	venus.exe	90
PID 1204 wrote to memory of 1984	1204	venus.exe	93
PID 1204 wrote to memory of 1984	1204	venus.exe	93
PID 1204 wrote to memory of 4532	1204	venus.exe	95
PID 1204 wrote to memory of 4532	1204	venus.exe	95
PID 4532 wrote to memory of 2184	4532	cmd.exe	97
PID 4532 wrote to memory of 2184	4532	cmd.exe	97
PID 4532 wrote to memory of 3100	4532	cmd.exe	98
PID 4532 wrote to memory of 3100	4532	cmd.exe	98
PID 4532 wrote to memory of 7308	4532	cmd.exe	100
PID 4532 wrote to memory of 7308	4532	cmd.exe	100
PID 3100 wrote to memory of 5680	3100	VenusPanel.exe	102
PID 3100 wrote to memory of 5680	3100	VenusPanel.exe	102
PID 5680 wrote to memory of 5524	5680	VenusPanel.exe	103
PID 5680 wrote to memory of 5524	5680	VenusPanel.exe	103

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2184	attrib.exe

C:\Users\Admin\AppData\Local\Temp\venus.exe
"C:\Users\Admin\AppData\Local\Temp\venus.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Users\Admin\AppData\Local\Temp\venus.exe
  "C:\Users\Admin\AppData\Local\Temp\venus.exe"
  2⤵
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1204
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\VPplus\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\VPplus\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4532
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:2184
  - - C:\Users\Admin\VPplus\VenusPanel.exe
      "VenusPanel.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3100
    - - C:\Users\Admin\VPplus\VenusPanel.exe
        
        "VenusPanel.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5680
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\VPplus\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5524
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "venus.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:7308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x520
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI10162\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-console-l1-1-0.dll

Filesize
13KB

MD5
e13943d717a1f374973cfd6c3bd95dd6

SHA1
6ddb2c19abde7ac20a5aca28e0e675d402f060e1

SHA256
c2855050cd382f49b184aa456087a03ca8dcbf6e3ea97303ed55d65f43e6acae

SHA512
2029e94d8ce4a120ab64fb8d34614505fa02191794377b7e0133c7861fb692b4b6324325d12660346f18cf28f709a58291e2fca3ab423ea781cfb955a6547918

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-datetime-l1-1-0.dll

Filesize
13KB

MD5
7666652e07fd736895684ff48c1c473b

SHA1
fc8ada7f732e559dd8f1ec3323e05f7a8828a096

SHA256
037e919ecfbb889df7ed0fd1c21dd3b78328d2d257dad9c77b46708faa5aca4f

SHA512
41e4fa3369b57b48c92e779e563ca116b4aabbeb669d0b0374585bb2068927332abd7e402d5b45ab697c57e28bed444ccd376e4623d61ef126cb26e507e171db

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-debug-l1-1-0.dll

Filesize
13KB

MD5
02dc783f95c6bab869820720cbe8c1c7

SHA1
b58d26926212e6b366f640d97f11baaae299516b

SHA256
a41690a67915b081067975d500291aa09e296793f93359ee96e8dd0d4bddc37b

SHA512
803fa0279e5de9300a1dcd8594b745b2eb6e5f39f014f359be119d94b596efa9a2a226bc464f87dedc2cac9cdbca74fd8ad54693d417608417b65353f40f0bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
13KB

MD5
accc604b014af50c05255e82e4319817

SHA1
a96503d05209acc98f006c93be581ed7668d469b

SHA256
d0ddbc0e1b09fee6a643338a58e7885988d26a1ffe52bb98d8d587de9dd0b27f

SHA512
87cbe7086b49589cada9f88351e63a6df06a26a17331586bb52e9e6de25030356640584eaadd4a43f9b9c34dde718244c21da5bd38cbb0948ff3ba1a8863886d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-file-l1-1-0.dll

Filesize
16KB

MD5
3ec8c7861c987a0231d4442eee5d9f73

SHA1
6e1a80f927993af339d74b5b97d406cb714d5306

SHA256
ef8735ea5425fc4aa24c41f30a71ee291c9325c79f37f58bd5319b0d088e8c04

SHA512
918202c0116b62178141bbe5094ddcc690d6e4bc44a212ca3854c54bcbb7e37ea84fef259abb25b5a548c9a9c94d5410792e01950514156a77a65f2e656b3720

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
1a8c0cd78adaba2396b28bf31bd73185

SHA1
0aeebb8463c5bf7e5193b7e00f3091ac9bdd4ef8

SHA256
680be94de44f1f474cac055f4d68a67bf667be6f3b25f5e7ce8ac492c0ae3477

SHA512
bfabfea70e2f930d1080e5bf3e46a6fb37cad7b2e852a0da5b5b1aefb1518692af70651785102a6bf6f53b201294c35b250caa74cd042a9fcfcce28fe1089289

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
985f3e4bb4780106966f142ecb5f10e8

SHA1
176722b5fef7b68a032fc9efaacfdd6165f48d5b

SHA256
1e796f9913dc3b56e362f75196b4cbca6defd31aac5f4982ea8bd83633ddf622

SHA512
a105b343fa0c70ef5d21ae7215580e00626ad025be7dc632b3d130dbe5484d07e152d4c94b3ce632b9530c83b6fd1ecbc598b096bef5e582bcf54c1346996f2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-handle-l1-1-0.dll

Filesize
13KB

MD5
946bddddefebe6aa11cc4960a47e8736

SHA1
ac2b04bace5dd0fb1f3ec0b1787e14eb5b4dd471

SHA256
fbba5b885633b1a3c9073dfbb06962426e0aa9a4fcc01df1e428d3ec46aecb0e

SHA512
c2036d7ae7d68f22731c604c46bc34f4c709e94a8a5fc75217ffad8dcb828b9d9989e259423e3f5dc842905ccc2064ebfc403f18e2902d5bc145f61922887987

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-heap-l1-1-0.dll

Filesize
13KB

MD5
5b643ca63d01df005bc01656b4883572

SHA1
74ca5b3db2e2319a1348f7db39da4b58546ae93e

SHA256
09074d0426341a6b6aef9efe68809a3a98a22b80fdf0bf51a5ef6c8802f64081

SHA512
9d777a972e75b91a3244e253f3f18b98591da5ae7fd3ce7211cc65a9932cbd43093537adcb2d11ff5cfd1f53b4c6609d9192885144616edf8fa0144bb0c2c6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
13KB

MD5
81ab27ca78111616152be91c158368c0

SHA1
aabff338b8afb48efab4b86b103856a311bada38

SHA256
695857cf7cfb7507e07a29a1e4fa7f0404525fd9693edf951686c86459a56039

SHA512
649cbe41441cfb90813f5cfdd8f34cf7184a13b3fbbf2e0e4958dadee55310dd47f5bce2d01c78ed61264b5e8e0b219edcdf0f39b80cfd7edb5fd27a446284f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
14KB

MD5
ec5f26ec7bd2b99c986cb74e3b22d515

SHA1
0b61800038adaf2c01aa11ead78e007a6765476a

SHA256
0e4aaf1e1b36f61be6a1a2421a6b176292959d4c6801262f2e93e8a3e90704fa

SHA512
91f93bff0b82b5509f48c9124134ede02b07fb41b8b7591062ea45ec8674ae872eacde42b55bfee089a332128a1938f1b59dc87b250a59cf8b50fcbc3bb0ea61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
dbf0dde7e7f97ab5c427f8702a797104

SHA1
d3c1e1963f2bbd88f6578b6b5680e98accb90ce3

SHA256
0b0f8998384a5196fe5d8c326109cfb563c6503651053ca5ad48e9a55d22d88f

SHA512
62c22c0dbd89d924d078be93134e897542ea4b4fc27602a58b21b779849b70e44004286f659399b3668f419c4443b117c4320089ac839efbbf623f1acf66926c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-memory-l1-1-0.dll

Filesize
13KB

MD5
5afdb110e7d3602bdc2d6b5fee1f5c53

SHA1
47ce93009d85bb1fa6348c595a1edd66dfdf9b0a

SHA256
e55ca267d34fc64bd473dba4f8fae166598c3265e0cd0fde18c81e5d9dc2d4c9

SHA512
d93df23b9770396ce3a1ed9fdbbc64d2571ff75e8bf32cd0a2cd9061953de7238334a171d9005f57bb576168d1af368358f898479965b8c98d628c1ad382803c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
13KB

MD5
17c33d7956d5341c4c38fda5f5956e2d

SHA1
995a892c924404bf03e6731e3677cd33725ec705

SHA256
7d8a432f76a31ab68112e77a96d984cf3cf74d0431e8029033b9420ed09cded6

SHA512
6609758a4b6703e7de29b6ec36a8850ecd9427b57e8ada29ee2b0ff879a8028b9cfb91253076435cd8529dcee7144aeb765d475909f8d9afe882bc45133c5e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
14KB

MD5
a21071b54c702a43b2753bd312f308f2

SHA1
12c73a7483251aad61e8533fc405992722a75915

SHA256
07100bbf2fce67b1c0ed1488928b13bfc97f9550f94c82470965d1e3141f102e

SHA512
80b613b2572a1ea1b6c6ec6dae3368e0cae0c541f68d587d237c85caa3a48107260ea755961486078cf3ce198ae2cf59c93b4151da77cae3157714348737cf75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
15KB

MD5
3561a0b18f410f273c4a42ec52c663c7

SHA1
01af410123a36fe97eaee9fd2c5a34254959a829

SHA256
20f76b5f39c459cc5393d7cfa535872a12aa8b6f55d3ca95576659522606e54d

SHA512
081eebf18817942a63572bec491b9b035a911cc7378473ace6f51cefa58701634d618e726371ffee29658b847583cf22b2a3d1db421d96a0cc56694f65c8cdde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
394187f15fb59dabca1c852cce8fb338

SHA1
9c141e0ceb87c9a8b9d4df3a5d2a2f1a53af2217

SHA256
e11507a65876997cc77cd5e2b7c82ddcd0252718c43a86fe940f09483bd37bf0

SHA512
b3f0aeb8c2f3fd6f28e2e8f1ff66f117234ac5e3e7f9487b3399ab98aab0fd234161ec3858e8d7774ceedd95b06024457f9ed891c7967eb7bb3ab9aca1f5a700

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-profile-l1-1-0.dll

Filesize
12KB

MD5
100f483d30a96484bb4b4ff8220b343c

SHA1
7651f0ddcc998c15a0596f250652fbcdbcb70275

SHA256
bfb75ad405c68acde813b49b00228a2f1230c0fe4977f8e000ea98486e1d2a47

SHA512
04f0d0b1a37e6b5905188008edd0352b4b15b2a94e140363127022ed596c700f08dfb594ba6725c3d8f6bd24976b87e687c7fd63050723f2db3cb8a36b643508

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
13KB

MD5
ee64e28ac193956a904404e018cf55c8

SHA1
9193fe61ba54b6034cf372e73eed30b37e8722bd

SHA256
2d732e8384cd299c68f430651d98c5e1b5045cb0109e466f8f41b6e92a4ee4ef

SHA512
e0e3575afd0bbcc602201d6f196d8e7fe0b312d693e5d62b1afb14c5f5a84a7c9a3d101823ed025ce21a7437347fcf8b9a25cdc0cb47ac1311c667c93b8a58c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-string-l1-1-0.dll

Filesize
13KB

MD5
9bc43cd0ab58419f0a786159c0a73425

SHA1
bc9c906c958aad5698e394ad2736ee933012dd9c

SHA256
901a0aec184110c3deadd703107a3669586a1f6ed0eb14cc03abb204f9ea1572

SHA512
b708b4bcaba60303f5a08d663084d459dcc608f0420925bb98f38ecbcebdc8cfb6364a82e38d02078bf06ee62ee9fa10bb3c6e3426e229deadf3307039a36eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-synch-l1-1-0.dll

Filesize
15KB

MD5
80437a8bda0f7f5865123c4e65cbdcab

SHA1
f237b7abad3283d41a67dc128b8363cc67eb47fc

SHA256
ee650fdfab0a929e3b125f4a518832bfa32dbf90d397b5033a5c0724b17332ba

SHA512
a93b57f6a5546a058f678713f6369cac66a3c0d83d789b2f4a5cf8248def2f479c46dfdda6131607c895eb7accebb66863bbd1c0089f3ce84c18d1f8a6ea4444

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-synch-l1-2-0.dll

Filesize
13KB

MD5
73b0c7d3a865a7e3632e379eeb40d182

SHA1
ad209b0419c9e2f11d748b90163393ad147c43ff

SHA256
645ba2826525bad9bc3c0f8a89445f264164a0f8bd3c6f6156c0b05c691d3cdf

SHA512
09ea78eea57dfa08f5097e56fa771dc6596987e2e67b982d89db27eca2e155eebba942d3a0d01f98a359ac0ac9e4ff947401d06fcd993ca0d534fdbeed61a3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
14KB

MD5
bd1a4b4fe4cbb201a96c871b05504000

SHA1
5f42395739f0fb5ac0103eaac70973135707d135

SHA256
9040a044e4d2cfd74783eb9a1de38d47de187c4cdd1f67989b912debf625e409

SHA512
eea89f3818af25fa7c913fcc832439c7289bc56a303ad5bc069ffc13983585b7e88ada1fec39513e5599026c6a90d63890d5e28210d731f134ad1a0cf66f0984

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
11e0c5fd19f44e1462d40b432f2a2360

SHA1
1b0a138086f7393ffb44df54187ecf9de1dd69fe

SHA256
8e668c0b0e9de7ef135308a251b5a293dbf6b778d563bee57c3f1d903cc5f332

SHA512
4262bd62d9c7ff116abb90693f44fdb7c934cefef0ef1800e44a7420173d17922a066a21b4b737e92c58a2081da9c8d5057e7680d27271ecc4b9dd44d78dfec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-core-util-l1-1-0.dll

Filesize
13KB

MD5
521b2baf302d1dd95220ec74b22cdcb7

SHA1
35472327a6ad16739a23c37da63d16ee3db2da6a

SHA256
da29676294c3b06d3de61226d893bb53dcb322175dfa8693f353a73dea8e9745

SHA512
5ed815e7a0f431492ff3ee5a849a73cc5b058060bcf75a933c8062efda3336ed05f5e19a2b80dd5d93a49e26916346d523bec78469a21c56428e019e003d65c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-conio-l1-1-0.dll

Filesize
14KB

MD5
12cc6ee52d96e0a5a51278cd68a8730b

SHA1
2edaabdaa6b3774eab61819068412d7e6ae5c753

SHA256
0f5dbcfea95e295819aa0a4194e6b0239b31800b0db5e77e8c2ae932c2e19581

SHA512
eacccc2f0e02f7be596a6efa56e5f06b8704ef2a92fba1e2ecd5964d96079f0b542093a0677546d38b9a305d167d6f552ecd4105e35fd3e192593949cde34935

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-convert-l1-1-0.dll

Filesize
17KB

MD5
32a62146b8e636e6ed61af730fee8b6b

SHA1
c086562096efb1d125c25d9a64b5979c4c6861fd

SHA256
4b2f8f7ca51abacc70f87bc39149f7c660eb76a337e60f17efbcf5f21b2cb020

SHA512
9450681e753aaa56aaf155793fba66f0889d627e9b6af0cfb6791da30bb626101c30bccc5e8f9d364d8f6787878001a3cfc1f1a6004d5f5b6ba580c173def201

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-environment-l1-1-0.dll

Filesize
13KB

MD5
a2a631beb2d33d86fed2888c9d6ab98b

SHA1
9303c14b6e859c14c627edca05b931658b29ebc1

SHA256
2513cee75c1bab0dc0b05542975c7b5b136c0c8f5b0c743d666684363a527197

SHA512
0ff3915873650ffb77c1e7fcfd818d42614f1b32f7729b0ea7256ea4e6da4aedb258e64635c5ce100487bf5091b6a88ad7852455f6f59a1cb927fda821b9875e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
15KB

MD5
90e3d49e3908064b0680a367731085e5

SHA1
1a28f0a08c7c9ffd0fb35e6173d67fdf31f39eca

SHA256
cce3bde592014a684ddcc1c2b412d1ffe46c1bef2f7bd1c800586fe4cedbb6a7

SHA512
7b165e96be8b61ead696331bfaa31fc30739ce26a55b8d7c45da80c29a952673c848e12b726e195e783ca29a8c5c3db4323ae9bf1b74b8fd24850c6f19a3dc0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-heap-l1-1-0.dll

Filesize
14KB

MD5
7fc0cf557f3a7967d5d42c975dcb2468

SHA1
80089bd41f6b148929b4ae6363b4a948b3f22168

SHA256
b7e4354ab3a34be5433ab5fa56efe1d54d3d03fbe323529d6490c36f33257910

SHA512
38e6a20a65d0e8f72939cf767e77c2287fe8f290df2813b91917bc5e7d134379c9890add9765f566f9b23f71dcb2ec94114e29e6a1425adba86f571a83128a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-locale-l1-1-0.dll

Filesize
13KB

MD5
a4b41dfb2fac1df4acb333e33b54d8cf

SHA1
ec765cb615b5bbcc12a2117342cc0f9163811f33

SHA256
710d2f37e98a857c4a63052d0a63a0eac55e25ce6bc7a96a9c810a79c9f99194

SHA512
4950922598dd47427e34ca375f25ff7c415f72ed91cd434eab7dfbc2d3e624e903867ecf911179cc319f3bb9a6d88af949da62d2a174b38cf13e05b813bcbef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-math-l1-1-0.dll

Filesize
22KB

MD5
c7e3665ed209f5854716e4b24a0ebe78

SHA1
316c924c9f31132b84e193beb1a700225c181aec

SHA256
d95e77f4148b4de96ddee53c306946801aa49b122dd8169200ae0407039c8889

SHA512
db237b5781ba28d4abc18c91e0918226feb4511ef027766ff714e066f8571761826275213cd16d4f3836de98ab8e6d4bbcdb91044e40dc76af340a021d522bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-private-l1-1-0.dll

Filesize
64KB

MD5
716da19ecded6359e1c3dbecc3a62fb2

SHA1
e2d02e88e7cfe6186855a8ab8eea3373aa95f88d

SHA256
09c94431bd7a7858a830b83184a45889daac5373afbbb4aea002ff46c785e706

SHA512
eddae7393f0d37c22725be61a05850b8daadada1bf26164dca1e331e341fe32157efa8a89c37c614c8c5a79adf63b4d4fda4404be5aac0b862ffa95e70e4abb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-process-l1-1-0.dll

Filesize
14KB

MD5
270b4c4d84206e216eb762126146e00c

SHA1
790d33f8f2a1f17d453ad220c94268beac7574c2

SHA256
d6faad51ce4ba6d940b6705f147e6672d427473fb847387efe12018ebe9e959a

SHA512
a034125287d1268f4e22189aa5b6aa2ed30e211560579357d676bda80a058dc845575b1f28f47251cd66fc2b2213ff98f3e1b4b93fd170dc3792adddc78f05e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
17KB

MD5
89ed38e40147e1bc41aa0cf9f0e2ab63

SHA1
75d49c4a375b49f118abff1943f4b118cccbf902

SHA256
7dafdb698d20e0ce51b855a5c2387bd3def710002e0112d01e356800c8784cd5

SHA512
0f3e707ff5003da040a80f9ebdf5789bd77a7bcb99e187063f36b0fa0b78aa54bba8f4d16baca9d22601ddfadaf8b1c402ce8843c2746311be05d69ca65a0647

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
19KB

MD5
862f8bb1f78f70750bdd11a70a64959a

SHA1
9bcbe8f926bf95f0379b9890ca69bd076fe33e56

SHA256
15f3c3768fe5b31930892ceb7cdf7d57970d6dc57de19d11f8b4d2eb012db592

SHA512
8f974d5d319598dd75de29deb3fb7ca6717d08cb1f26733e899ea718dbb3df6578d7515faa45112743f545765f2eef90888eb731ba520be8a6ac3178096dd841

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-string-l1-1-0.dll

Filesize
19KB

MD5
4e08c0c13991db2c8e9ab06ee913bd75

SHA1
1f0557897287f8d1e932901b17b95877e58e4d20

SHA256
d2d9b471dd654f79405d8437099d35fb9310f2eea84ed1bab2c0f2f018d23629

SHA512
a628ac58452313c5286deaf643c27a723c49d69246816aae7a630b2edc61e82264eda985312df40a082bed2b1ca64ef0e3f2052fab83f25e75ce7f07c8639384

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-time-l1-1-0.dll

Filesize
15KB

MD5
c175d4b0b7d79c3a823ef27867baf1cd

SHA1
c2d467f192c3aea839970e8857d9419b92e242e3

SHA256
e630d8e8693b8c52dd271c91a749ec3dc039f4d4907c174100049771c83ea26b

SHA512
9af6e28f04bdf540912164017d5c53e28ea89d771c7ecc24cdfb77853bcdb829cf3c810f9f817a89ae3fbee83e87781f2d76c7f8e0f9ffa35fc462c6676a8fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\api-ms-win-crt-utility-l1-1-0.dll

Filesize
13KB

MD5
9a877a2d1d589b855477bc5f6e4958f0

SHA1
f74c4c045e7de672cf5501e7a89bbbd075e0e6b6

SHA256
8e6623c4108a8da4ff6280d8a4a267f54c138d0bd345bc7b88a3ae546d364a61

SHA512
49aa1b9dcd8ae4577a59f7c3ac7dd927aaf07565fde71691af094b99869bf059658d110c2332e38307c10733008c31e17b9582446fbfd22d5f55990a2926b552

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\base_library.zip

Filesize
1.3MB

MD5
763d1a751c5d47212fbf0caea63f46f5

SHA1
845eaa1046a47b5cf376b3dbefcf7497af25f180

SHA256
378a4b40f4fa4a8229c93e0afee819085251af03402ccefa3b469651e50e60b7

SHA512
bb356dd610e6035f4002671440ce96624addf9a89fd952a6419647a528a551a6ccd0eca0ee2eeb080d9aad683b5afc9415c721fa62c3bcddcb7f1923f59d9c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\freetype.dll

Filesize
639KB

MD5
236f879a5dd26dc7c118d43396444b1c

SHA1
5ed3e4e084471cf8600fb5e8c54e11a254914278

SHA256
1c487392d6d06970ba3c7b52705881f1fb069f607243499276c2f0c033c7df6f

SHA512
cc9326bf1ae8bf574a4715158eba889d7f0d5e3818e6f57395740a4b593567204d6eef95b6e99d2717128c3bffa34a8031c213ff3f2a05741e1eaf3ca07f2254

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libjpeg-9.dll

Filesize
238KB

MD5
c540308d4a8e6289c40753fdd3e1c960

SHA1
1b84170212ca51970f794c967465ca7e84000d0e

SHA256
3a224af540c96574800f5e9acf64b2cdfb9060e727919ec14fbd187a9b5bfe69

SHA512
1dadc6b92de9af998f83faf216d2ab6483b2dea7cdea3387ac846e924adbf624f36f8093daf5cee6010fea7f3556a5e2fcac494dbc87b5a55ce564c9cd76f92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libmodplug-1.dll

Filesize
259KB

MD5
ead020db018b03e63a64ebff14c77909

SHA1
89bb59ae2b3b8ec56416440642076ae7b977080e

SHA256
0c1a9032812ec4c20003a997423e67b71ecb5e59d62cdc18a5bf591176a9010e

SHA512
c4742d657e5598c606ceff29c0abb19c588ba7976a7c4bff1df80a3109fe7df25e7d0dace962ec3962a94d2715a4848f2acc997a0552bf8d893ff6e7a78857e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libogg-0.dll

Filesize
25KB

MD5
307ef797fc1af567101afba8f6ce6a8c

SHA1
0023f520f874a0c3eb3dc1fe8df73e71bde5f228

SHA256
57abc4f6a9accdd08bf9a2b022a66640cc626a5bd4dac6c7c4f06a5df61ee1fe

SHA512
5b0b6049844c6fef0cd2b6b1267130bb6e4c17b26afc898cfc17499ef05e79096cd705007a74578f11a218786119be37289290c5c47541090d7b9dea2908688e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libopus-0.dll

Filesize
359KB

MD5
e1adac219ec78b7b2ac9999d8c2e1c94

SHA1
6910ec9351bee5c355587e42bbb2d75a65ffc0cf

SHA256
771cae79410f7fcc4f993a105a18c4ed9e8cbddd6f807a42228d95f575808806

SHA512
da1912243491227168e23fb92def056b229f9f1d8c35ae122e1a0474b0be84ceb7167b138f2ee5fffd812b80c6aca719250aca6b25931585e224e27384f4cc67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\libopus-0.x64.dll

Filesize
431KB

MD5
0e078e75ab375a38f99245b3fefa384a

SHA1
b4c2fda3d4d72c3e3294beb8aa164887637ca22a

SHA256
c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131

SHA512
fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\python3.DLL

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10162\ucrtbase.dll

Filesize
987KB

MD5
0c9d205deacd8aa9b28d63b55a16a257

SHA1
bf6f8c1ba272efa97648d821bdefa732c041d836

SHA256
c6392865a153f86698d5ef20c2c14d443d2c0f9a7aa3819b10fa2418a1ce5b73

SHA512
7ed74a6cdc65f65a136b546280c1507468c3d5f85a4beec569e7f8d46c16abdf5ad36364280961cbd30193a528554833bab368d71464fe5e2179dda7d17c2652

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31002\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31002\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\top_level.txt

Filesize
7B

MD5
0ba8d736b7b4ab182687318b0497e61e

SHA1
311ba5ffd098689179f299ef20768ee1a29f586d

SHA256
d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103

SHA512
7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31002\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ol4kh1wd.nwn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1984-1474-0x00007FFCFCF10000-0x00007FFCFD9D1000-memory.dmp

Filesize
10.8MB

Download
memory/1984-1473-0x00007FFCFCF10000-0x00007FFCFD9D1000-memory.dmp

Filesize
10.8MB

Download
memory/1984-1477-0x00007FFCFCF10000-0x00007FFCFD9D1000-memory.dmp

Filesize
10.8MB

Download
memory/1984-1463-0x000002B0D2FB0000-0x000002B0D2FD2000-memory.dmp

Filesize
136KB

Download
memory/1984-1462-0x00007FFCFCF13000-0x00007FFCFCF15000-memory.dmp

Filesize
8KB

Download