Analysis

  • max time kernel
    526s
  • max time network
    1133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-es
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-es locale:es-es os:windows10-2004-x64 system windows
  • submitted
    01/09/2024, 08:35

General

  • Target

    DRM.Media.Tool.zip

  • Size

    36.4MB

  • MD5

    c39b759955b076468c44a871c9b5ab79

  • SHA1

    6124f2566e8248fb5997d008a0c66324f5ba3940

  • SHA256

    33ae6890b35b2b35e6070a86814ebd03756ce2ce9f28f62361b4936965efff9b

  • SHA512

    3db106c76c704798743bcf17b67497ea47c5ec10155187f7a7c9abcd4b0084bd07e72b9a6c6c4ffeee92a7584fb1c0d3f01faec0e8517025a1710c34e87b90bf

  • SSDEEP

    786432:V86XNrGxXaQR8KMnJGzAkmfZpjMHYXovKc8HTV1UQOgnROcivhpGFovxom/AO:1XNeRRYnJ4ihpjUYXZFHT/UQOgnROciv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 45 IoCs
  • Detects Pyinstaller 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\DRM.Media.Tool.zip
    1⤵
      PID:2476
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2676
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"F:\" -an -ai#7zMap23615:46:7zEvent29230
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2072
      • F:\DRM.Media.Tool.exe
        "F:\DRM.Media.Tool.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4128
        • F:\DRM.Media.Tool.exe
          "F:\DRM.Media.Tool.exe"
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2764
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c "ver"
            3⤵
              PID:4704
        • C:\Windows\System32\cmd.exe
          "C:\Windows\System32\cmd.exe"
          1⤵
            PID:1972
          • C:\Windows\system32\AUDIODG.EXE
            C:\Windows\system32\AUDIODG.EXE 0x304 0x2c8
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:4940

Network

MITRE ATT&CK Matrix

Downloads

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\PyQt5\Qt5\bin\Qt5Core.dll

                  Filesize

                  5.7MB

                  MD5

                  817520432a42efa345b2d97f5c24510e

                  SHA1

                  fea7b9c61569d7e76af5effd726b7ff6147961e5

                  SHA256

                  8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a

                  SHA512

                  8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\VCRUNTIME140.dll

                  Filesize

                  106KB

                  MD5

                  870fea4e961e2fbd00110d3783e529be

                  SHA1

                  a948e65c6f73d7da4ffde4e8533c098a00cc7311

                  SHA256

                  76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

                  SHA512

                  0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\VCRUNTIME140_1.dll

                  Filesize

                  48KB

                  MD5

                  bba9680bc310d8d25e97b12463196c92

                  SHA1

                  9a480c0cf9d377a4caedd4ea60e90fa79001f03a

                  SHA256

                  e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

                  SHA512

                  1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_bz2.pyd

                  Filesize

                  81KB

                  MD5

                  bbe89cf70b64f38c67b7bf23c0ea8a48

                  SHA1

                  44577016e9c7b463a79b966b67c3ecc868957470

                  SHA256

                  775fbc6e9a4c7e9710205157350f3d6141b5a9e8f44cb07b3eac38f2789c8723

                  SHA512

                  3ee72ba60541116bbca1a62db64074276d40ad8ed7d0ca199a9c51d65c3f0762a8ef6d0e1e9ebf04bf4efe1347f120e4bc3d502dd288339b4df646a59aad0ec1

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_decimal.pyd

                  Filesize

                  242KB

                  MD5

                  6339fa92584252c3b24e4cce9d73ef50

                  SHA1

                  dccda9b641125b16e56c5b1530f3d04e302325cd

                  SHA256

                  4ae6f6fb3992bb878416211221b3d62515e994d78f72eab51e0126ca26d0ee96

                  SHA512

                  428b62591d4eba3a4e12f7088c990c48e30b6423019bebf8ede3636f6708e1f4151f46d442516d2f96453694ebeef78618c0c8a72e234f679c6e4d52bebc1b84

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_hashlib.pyd

                  Filesize

                  60KB

                  MD5

                  d856a545a960bf2dca1e2d9be32e5369

                  SHA1

                  67a15ecf763cdc2c2aa458a521db8a48d816d91e

                  SHA256

                  cd33f823e608d3bda759ad441f583a20fc0198119b5a62a8964f172559acb7d3

                  SHA512

                  34a074025c8b28f54c01a7fd44700fdedb391f55be39d578a003edb90732dec793c2b0d16da3da5cdbd8adbaa7b3b83fc8887872e284800e7a8389345a30a6a4

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_lzma.pyd

                  Filesize

                  153KB

                  MD5

                  0a94c9f3d7728cf96326db3ab3646d40

                  SHA1

                  8081df1dca4a8520604e134672c4be79eb202d14

                  SHA256

                  0a70e8546fa6038029f2a3764e721ceebea415818e5f0df6b90d6a40788c3b31

                  SHA512

                  6f047f3bdaead121018623f52a35f7e8b38c58d3a9cb672e8056a5274d02395188975de08cabae948e2cc2c1ca01c74ca7bc1b82e2c23d652e952f3745491087

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_queue.pyd

                  Filesize

                  29KB

                  MD5

                  52d0a6009d3de40f4fa6ec61db98c45c

                  SHA1

                  5083a2aff5bcce07c80409646347c63d2a87bd25

                  SHA256

                  007bcf19d9b036a7e73f5ef31f39bfb1910f72c9c10e4a1b0658352cfe7a8b75

                  SHA512

                  cd552a38efaa8720a342b60318f62320ce20c03871d2e50d3fa3a9a730b84dacdbb8eb4d0ab7a1c8a97215b537826c8dc532c9a55213bcd0c1d13d7d8a9ad824

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_socket.pyd

                  Filesize

                  75KB

                  MD5

                  0f5e64e33f4d328ef11357635707d154

                  SHA1

                  8b6dcb4b9952b362f739a3f16ae96c44bea94a0e

                  SHA256

                  8af6d70d44bb9398733f88bcfb6d2085dd1a193cd00e52120b96a651f6e35ebe

                  SHA512

                  4be9febb583364da75b6fb3a43a8b50ee29ca8fc1dda35b96c0fcc493342372f69b4f27f2604888bca099c8d00f38a16f4c9463c16eff098227d812c29563643

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_sqlite3.pyd

                  Filesize

                  95KB

                  MD5

                  9f38f603bd8f7559609c4ffa47f23c86

                  SHA1

                  8b0136fc2506c1ccef2009db663e4e7006e23c92

                  SHA256

                  28090432a18b59eb8cbe8fdcf11a277420b404007f31ca571321488a43b96319

                  SHA512

                  273a19f2f609bede9634dae7c47d7b28d369c88420b2b62d42858b1268d6c19b450d83877d2dba241e52755a3f67a87f63fea8e5754831c86d16e2a8f214ad72

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\_ssl.pyd

                  Filesize

                  155KB

                  MD5

                  9ddb64354ef0b91c6999a4b244a0a011

                  SHA1

                  86a9dc5ea931638699eb6d8d03355ad7992d2fee

                  SHA256

                  e33b7a4aa5cdd5462ee66830636fdd38048575a43d06eb7e2f688358525ddeab

                  SHA512

                  4c86478861fa4220680a94699e7d55fbdc90d2785caee10619cecb058f833292ee7c3d6ac2ed1ef34b38fbff628b79d672194a337701727a54bb6bbc5bf9aeca

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-console-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  a3236d23bce79fbc8984ff59f0bd350d

                  SHA1

                  376cf6356c8183de1b8dbc3611aa688d34552320

                  SHA256

                  0086c2409ca8fca1b7fe42972b60f937f846e60a938a5989129f68b8b41c77f2

                  SHA512

                  fdd4c5589d91abfd61c198fa6485f40db04a9eeef41af4930e92de55632b4e6cd2ad7e412beb6b5c5b751079a6cac529f246fdbca73051d7dcfe85165f897de7

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-datetime-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  c1a0ac40b2cd7ca942c3d658e2c74d3c

                  SHA1

                  9a7411922824464c33f6d76ae9613a1a3801ea1b

                  SHA256

                  88d783199b25d350968b6ccd0c8240991587b7ae810c744dfa2ec62d8e9cb072

                  SHA512

                  6ac0091c7e742145b159f8f3ff7da429a26fc2fa8049823469a1e8c27e962613f4112d5a3208f09db5c8cf25f4ef0105ce43b88e0a9796d5a663015df116035f

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-debug-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  193ddd6964272a4522613a7dce90ff86

                  SHA1

                  7a15245c775793ba464cae4826424cdf69655c7f

                  SHA256

                  326e33a52024cf4f16d717c74875b45f9d72ce5036e563ddc71163d092819e55

                  SHA512

                  1e6366d2171d6a6c50647527105ebe6e6af8408f8c3542cc74e2984e847674289d3b7c6e541de51e989f09e3949e0f43a1c5cb239e308133294f597dae591df0

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-errorhandling-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  e02239f4c0948021443bab405791e401

                  SHA1

                  cd5300b8a2cc2aff15d5b45122b9567cb9c68bb5

                  SHA256

                  0857f0669237f4c8f85dca01acc7af0f654029832752c54d518cb741fd709878

                  SHA512

                  1f61c23fb4487a80921b5e25ddb942d83bf3a0f1e11df7dc849f2bc6e6dd72c8c7aa2808414821520d998b9123c040bedef392be39c5616a4bba8b8cfb9a7295

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-file-l1-1-0.dll

                  Filesize

                  16KB

                  MD5

                  770b1f0533e25a199144bd95e1e4a366

                  SHA1

                  2a7f04c61fd91b5dfb1b592e20186a4f1675fcb0

                  SHA256

                  22967506ae7e13fd6afc9cbe6aa7d14f497c37a40684fbfd7a5146b9f1569646

                  SHA512

                  c817dc7d51b0a3b05e9546793fd2b6eb8ad783dc933dd619024177bebe6aeb0c551ab0add7029fa0b0754aee139adfe1d04b5c0ace638c11da02de27bb225a94

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-file-l1-2-0.dll

                  Filesize

                  13KB

                  MD5

                  b5233e03bde877536db16308f3664cda

                  SHA1

                  15ff9d07de90f4a13943b36c30ce2cfaccc67451

                  SHA256

                  fb9b51ab73cb5fecc491a3a2624d54cc327370c6ac5efc9dfada2411acf766ed

                  SHA512

                  ad005e39dcd889e8a6c127038b7c25eb2e100c889b16a6b12063bf76087b3d245df2768d3f032963dcbb33d320be56ec3a2822a718d17b34503ee0ddccef7486

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-file-l2-1-0.dll

                  Filesize

                  13KB

                  MD5

                  da0e628d704f10be357148f2131108b1

                  SHA1

                  a9a8c5e002a65d1b43fb990a86c59d290d480464

                  SHA256

                  5747de24ef2014b50f49d541621a328a02a4ef5f20eeb94423a3d7f7954e49f6

                  SHA512

                  30b2b3fd92b73dc387b6beff63c4d9e16123f9abbde0cc3f33b1b00c013885f980d12d793e32aaf7c430121df3d337dd09a9a8a5ea874696d3cf37ee51a50a81

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-handle-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  53ad62eadd80fb7be326b2ac21cd51c4

                  SHA1

                  520316ecaf0262df0d5970ed6160c1a58d34fdcc

                  SHA256

                  0d520c708ea21b4120660e3b2db833f473c193508649c57d759452f19d6e633a

                  SHA512

                  2a59e6677d0f48a8588999d0f8f3d28c811ee66a98f25d0da727959975b7f1b51e2e252133173c564cd71a18fb1507c18cb376034ada3a92eec95cbef2a6974d

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-heap-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  55c47ec3351addab989634c5a4142698

                  SHA1

                  1985aa2decdb3b0718b288a798e67abcff5fbfb0

                  SHA256

                  5e3a6502b929df2cbfd6c9e0bfc2016b082e72246dc033655957aeaf812f5119

                  SHA512

                  72d2be88661bad13e3e2828d9ae870d5fdc1679fe0079e206dc787fbf33396b58c19efa5e4b98146ecb5244d46c03dc60f51f01de2eada2bef4b8d9b151db21a

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-interlocked-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  4a6bb2456b03efd381762294048d4e1f

                  SHA1

                  7f7cd1541a89c937654dfd772314061c1d5c4b8a

                  SHA256

                  1e72f74bdc5edc4ef93bced9065fd1ce3d20d891a6933c068d8a8bb97f813870

                  SHA512

                  f9da432af0643fa80fc7688f35c35ab2c73e9687c6a5b69a3cbc655af499296a59e6107b0faa01c0f48a79a510032b95bc5acc31f28a32ba53c2a46385af6c2c

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-libraryloader-l1-1-0.dll

                  Filesize

                  14KB

                  MD5

                  0102c27a0a9973942ab7974258b127e5

                  SHA1

                  ab6279b7e802b3b229322f07442be5b59df944d1

                  SHA256

                  1eacc48d19f44e5dd54e4ea0a2f77a3130ecaacf22605595f3c6b6e398b9d2d8

                  SHA512

                  9ab4e772cd649296f12b37cc4ae165d7bd7f4830c934d9540cd76cc42480c2b484cdd35d39082f861b74441d137656d2d1b6f73b27ea09ed7c42c55f3122384c

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-localization-l1-2-0.dll

                  Filesize

                  15KB

                  MD5

                  e142049a08327db53b0289cd25bbb70f

                  SHA1

                  3289a7c010a613b07b235d13ec96af31b683834a

                  SHA256

                  dd36f8e544be435ffd7c96ddb077dc76b4cebd6fbef14319f7d21f47fe794a87

                  SHA512

                  f6fd8865f9df1bd382b246041ad90a3e87e42a99b7dc8167d0d4513e7bec6901b80120ff98e1283ca754dcc726b4ddc000f41c428f4f45dfd4489e94075352cf

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-memory-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  f897d6715951a70e80daa9fa3dc9b913

                  SHA1

                  7eaa2b5adcbe016508cc63c25bf4b60a3a2f94d2

                  SHA256

                  bac0e15f62d2aad8af2d9564d15c987d707ee4c5021fdb308287e1a63a6116fc

                  SHA512

                  0ff9ce545f7cd44a01a30ea9fa0821c8e564d509da6085331c766d1ce6d7a4c22910968eb142a888e2314a218fb882841678de18cca46472ace0a09bce6f19fe

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-namedpipe-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  163050861c7d8809d06d5ed6228bef54

                  SHA1

                  8fab242e91454e7e293c9a26e468cafadf0d7ce4

                  SHA256

                  a322178a86629cce8ecfe5c88518f874afa7903a30bc26edc6f1989d087ae726

                  SHA512

                  6b04702ccefdef6640cbaf8d187e5beafa01186943259e319eae4ac60e09511cb0e04d7f86d0ebade00773220e0ab8bdf9e60460f354d3fe670fbc1f592e92ab

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-processenvironment-l1-1-0.dll

                  Filesize

                  14KB

                  MD5

                  bc19bc9c45a169cc62f9e7975da0cc35

                  SHA1

                  55fe4e9733ed24c00d58702e6740c4f078d0a7b1

                  SHA256

                  b3b48223093c2b210f76fd38d3d70b9c0bd17834c2762d1172bee7f12411512f

                  SHA512

                  5140df1cdf68260b698bc59ed9ca0a4315bd96987c974a800e8077f73b0887fccc2ab3aedb7ad6c772c70c98ed281211d8cff9306eea8e0e8d83f257453de8d9

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-processthreads-l1-1-0.dll

                  Filesize

                  15KB

                  MD5

                  20bdf0aa438ddfbf65952d202d5cda25

                  SHA1

                  eaf1c6b6400cda52637dd68fc17d20c2b7f09dd8

                  SHA256

                  70a96238fe9b62eb195d1f1553624fbc45b52cc12dc7193913e6e65c71e09321

                  SHA512

                  188a22db1df1c417fcffc83b4e51925012dd551900746b000582dcfdb5994e23d9ddb278ba96a0697560a1680534c6d78e31b1749f062dbefa3f0c0a8ef7bc4b

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-processthreads-l1-1-1.dll

                  Filesize

                  13KB

                  MD5

                  8ce9f911908bc20529ce03b7836397f5

                  SHA1

                  b8554a420c1372474e15d931f2f50e433d3b634e

                  SHA256

                  257d25b17680639ef9175e272c2cec4239a395651a69115441ba234c4b30ec0b

                  SHA512

                  980af4b0b3749d5e5842be388734b6385f0181eb5319b3e7802fcb33aada78b6bcf753a4eed29584e988b2708798e3da2ebd286c09fc5c518f8a1e2c5754fb11

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-profile-l1-1-0.dll

                  Filesize

                  12KB

                  MD5

                  37851625d48c3c435e64566387b8fba9

                  SHA1

                  6d0ba0836270984c91a0cfd410eeb50edf6b62d6

                  SHA256

                  516d34cafdfbdf5e89804fe2b9c995f23fac93672ab1de9cffa55f6bdb0d1e24

                  SHA512

                  0da8d12e42aacd4d447434a5a83952da2230fd1970e213a23eeddc25606e55cb9fdcda06787eae403c14279591974cfa5dad3bfaf598fd875a5ccea2122924b8

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-rtlsupport-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  8afde80df750f5ab010bc08a85c52776

                  SHA1

                  3696bfc329ced5a61819fa785fca0f955d3a309f

                  SHA256

                  f205e9c1ad5f029555d56a24fb7a3309a6ddd554eb19989fc3a1d309c990a6bd

                  SHA512

                  2ddb753c58ba6108d3bb09b4f5aca47dbd0dc5449ed75851c05f0f1db5a8bf9a59572b416260df6338cf3838ded2541d832755d9e82972bc191d1d1453454599

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-string-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  a871b3bbadd412d4634648688a881a5e

                  SHA1

                  6d4dff475b8d2f270f4ca3393186e3ae20ef2273

                  SHA256

                  e7f1d2398de4a7242b79a21f85d3ab9bdaac3e70e50ef1eac5da1cba09dda192

                  SHA512

                  c05a8965858cca999334cd085aac771c71597b4b35a0c309ca8bb4d23cc9ec636ac4be7c1ac5ae36f6813bf92761a7584151eb9bc4583772e8f7c39bcc862cc7

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-synch-l1-1-0.dll

                  Filesize

                  15KB

                  MD5

                  e58cc2297847d947b50d7d81f8d6c518

                  SHA1

                  1580d3d4b1093549ebb6d95cb5d0d32b8d6b5f45

                  SHA256

                  da79a38d4799a9e4f3aaaaeea05a2f47d323d3472f5361478e20e5075b63af9e

                  SHA512

                  258d6c1d37884a7ab313dd2e98fb88b94cdeb908f31dd296745c1fa5f2ae105cfbb225909e2dc9b178531183bb98195cb689ce14ff2570bc168e46e69c544e84

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-synch-l1-2-0.dll

                  Filesize

                  13KB

                  MD5

                  b8a4e7ce46930e538eec8290332fe6dc

                  SHA1

                  ea6938f141edc0ba3f32aef3bea90597e9a58707

                  SHA256

                  8ec827f3a991a313137d3c378bddc7022640c0b1ba79ebcd847ed3ecedc425b3

                  SHA512

                  1707324e08dc74de23c98ae62ccb4373e2dcd7c2a1aced7b2c5a98436efefc9baecf80dde07fca5c775ab14a79816ff9034d46a97640e1a0d2a82a561a7c698f

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-sysinfo-l1-1-0.dll

                  Filesize

                  14KB

                  MD5

                  a992a0e59e2530e67281f8db9bd28c80

                  SHA1

                  96a0b9780a53384d2dc65b9a5305312a1ecc7ddc

                  SHA256

                  71ba7dd22ffa833b924778c5d0421819cf01625b4d7462c463c2cf75cf596806

                  SHA512

                  5633e37239bd3678b4d6d1e2a74c3f59394b30da2cbd0797c882f418250894049b85684b12e0fb367e762ce7f205c0715532266d6cfd0580b7b58adfe07def7f

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-timezone-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  8a7fbe2425592dd419f6cf665613b967

                  SHA1

                  af2170a7e5f27111e32fa27ecfdddaa41edc8156

                  SHA256

                  a6cbce99976a8fdd8d9cc278c7d8aebbc4a6ae6404684021d73c8f4e520b98dc

                  SHA512

                  57d41d57721f9e37c6ea8a55ac156f9275d2373beead9f5c836ff7379c49c6676b9168bf278206fe2e60b576e066d8706ec1ed0a96b3db82b197d724f4a2279f

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-core-util-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  53bf180be1d6b795b6163770af75cb20

                  SHA1

                  1817e20b2020be1e3e1cb0ffd8e243ad8f9f80ac

                  SHA256

                  96d0b3666651b0ad01fd7877ea19f35c78fd3b87e0da0007889212022edbba8d

                  SHA512

                  8c32ccf1c1b20e9cd9160318d2b8c8eaf97c1198ba78efcbc271ca0292189f04d68d38e8948a49e4585039689d671fab84d86128919418d207c167fdd3f99a64

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-conio-l1-1-0.dll

                  Filesize

                  14KB

                  MD5

                  9e348cb5f8d93c9adafa0907564ba487

                  SHA1

                  fac47a2127756581de8a1e49cd86239b2fe90de5

                  SHA256

                  a0c144a76b80909a25b202114c07a06927f33ec237131d27c409cb4411bd6f1b

                  SHA512

                  1611284adb4491ead21a9088f8890df2d7e9eb6401228104aa4df20f6e8d8e2f59e80378563883722c18be5d31a2da78db43978375f5b8e1b36a723696b06bcf

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-convert-l1-1-0.dll

                  Filesize

                  17KB

                  MD5

                  ad107dadc3298da8e5b8b5979a429b60

                  SHA1

                  cd1e31d3b31f8a07c20addfe6063f8dffd8bb201

                  SHA256

                  a3330afde4c96d0bfd58a328d32cec7f47013a737a33fe074678ef5537e9f34e

                  SHA512

                  f5032e717a3566c86c9f1a5f0b5fd5f6797a9d298f8bc07d8c955bc156da6ecea66c08a3b8f88fe1007de4c214ade98391f0b3b22252aa67b051b3cea2ae802c

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-environment-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  39150685e6ac8cfaf8cd6abc56a2be37

                  SHA1

                  50dd3633db29ded2ea70056dbb96b42d4d7c542b

                  SHA256

                  a6522d4ec322ba2d55704e5990d465620ab33dbcbf2716bbb1a5c0a997a4c800

                  SHA512

                  c082e7611e767f7650cd843b1c03ac10d5585698b68090a3a9d91cbf946699a797aab90fcfa750847b662502a5e407754fe7337d126b71734469c8ee617480c1

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-filesystem-l1-1-0.dll

                  Filesize

                  15KB

                  MD5

                  14e1bafb694fb7c8671649eeac71ae1e

                  SHA1

                  5f0bfd72e0a60e01458ac522a79e6afc46bc1a47

                  SHA256

                  1817be3001c47078676cc8e43e472efc95bc8a56f73dbcdb303036f6758be398

                  SHA512

                  670ef8520b2c3d643deee2cbe3eea5697f575ebe132e5fcb1daf33423a4c9c74e721d10a24873dde238161a3228df7893179d37d957f904ea15e6d274512628f

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-heap-l1-1-0.dll

                  Filesize

                  14KB

                  MD5

                  6b32d1060aade3b0d8b15b171f14d20e

                  SHA1

                  7cf40ea05eabf369f4889d5109e4c79df0322912

                  SHA256

                  5847f24760d9b392264e02b00933e4e8cbed704238f24075ccdd0e2bef3fd86a

                  SHA512

                  93c37c39c2c46fba8a78f8019d123e6d908f5971d91af23ff9704c9bee6c8de1bffeae61dc7c4fae9398ea01764b53a19b9e7d8a47c7a032c3ae5392c0006563

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-locale-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  58f54ccdc55f6d6c8d62dc72d75ee063

                  SHA1

                  2e25bdb7de5e9d320cf3439c8b6073b1952784dc

                  SHA256

                  556af10c9c9cee5ce7dab89a66693f41b50051bb39abb8365374829004cfe20e

                  SHA512

                  f79bcf4098868f82577f3b985551198506359eff50681da925ef951a368b4d48470dae8d887d02985a84fb791036831b7b2bebf6c5b9a7c0701eaaf331609819

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-math-l1-1-0.dll

                  Filesize

                  22KB

                  MD5

                  db734d502665e4972717837aa2bf2223

                  SHA1

                  956b4ff9c59a3a4f4e447d16d0c898dd9bac6147

                  SHA256

                  fd7c108c8b26ef8bbb3eee7dbadfa6031dfb6c2c0c1a74953034e0d080219646

                  SHA512

                  04443719af07dd7ea50d009ddc3199ff2c9a66a3ce04c9559c82f3db7337113f65974ff104b250fec76bd5765f9e5f5805e381446ccbdd27274e4665de2e50e5

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-process-l1-1-0.dll

                  Filesize

                  14KB

                  MD5

                  c0f3aaed30b614b32a6002cd6e5cf088

                  SHA1

                  a61ba3605a61b7076978e91705d7f3d22f9aa2c8

                  SHA256

                  369422b6ba609abad09208c9618a57030a0b5e77d6e7b171b6f2cb6c32567103

                  SHA512

                  3e7495d74ed0d1b5e438ec60aceaf9c52043ee9e13d98202b5013d2cc9bdb506337ed895b523287c1791732cb89c46763e60434ce890e49b4a68b9f9ceb94db4

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-runtime-l1-1-0.dll

                  Filesize

                  17KB

                  MD5

                  c0a2e9713ee6e7b04dd1e66915ec32b6

                  SHA1

                  12539c6b3f2770f34fc45c61817bd8b9675c1d25

                  SHA256

                  973e8a72432bd3169aec3967ce18146938608a335329a9b2d764b43aeeddddbb

                  SHA512

                  8c1d313833eb3dae895495ffe313e09cde399ec3409c71c405dd4212b66a9ea8894d8339ad5ecc40c2378755a4d22b1eee1d64f771728474dc28e1ed9818bc1b

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-stdio-l1-1-0.dll

                  Filesize

                  19KB

                  MD5

                  d6dbfe98e6a0c8eb8697c50c8994a2ae

                  SHA1

                  0393725acaa5515626ac391977e847f8ec8c2f8c

                  SHA256

                  c4fe765c675f30acf8b22040ba77ac0f06d1c334489f0e5da4f98f648a73f0f1

                  SHA512

                  a078bcff3e0be316b5fe7da0a7e4101dac0d762b698f6674d082f5c87ec03387872e585e14a73535bb472c7d2bd7afcf2847811485b412e334c80538aca9ceba

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-string-l1-1-0.dll

                  Filesize

                  19KB

                  MD5

                  23438c3d8e1636fa97a61efd902e4527

                  SHA1

                  7c93b5e8c0a585a734689ad21356e00319290bb8

                  SHA256

                  91fb2c073fcd138b41c34e90b7fee8b852a1371da638aa5e34a365c2fe9e6c9f

                  SHA512

                  43cd7ae9ffc193cfc7207694446b834b67d7c35809cb05b5412a4047811437638886e3a0351e889e0787618998cd4eb780fe2770567d9e01c6726d21b79017a4

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-time-l1-1-0.dll

                  Filesize

                  15KB

                  MD5

                  f59baedde0a1bb608edc3fbec21e1956

                  SHA1

                  ee415e6cb3833945496df71ea427b6df2c32b2ab

                  SHA256

                  88e5cb9f5e3981e0792991583d2c5b4309787498f5a4a317d8bf3ef3658e9710

                  SHA512

                  4182db934fecc25eadc2a2dacd233ed219781ebf5a77cf1afd7f9257ad2105c01015c9fc6bbe646c44b81f0a516622d2e4aa907075da4a279bb79d79cd4fbe17

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\api-ms-win-crt-utility-l1-1-0.dll

                  Filesize

                  13KB

                  MD5

                  adf34cc419a27f0b58e7e4dff9d727b2

                  SHA1

                  15e74e9108aa3806d5d2ec1c57ac1ce0590d110a

                  SHA256

                  9ebe8f7e48f9989c878bed62126859677027b8f5f6cd7089c8bc846bdc8f79f9

                  SHA512

                  0f63dcabe5427efac31cdfc277a9e564d4d2422015fb0183aae05845a04ae64476eb7ff6e7a897af504f65836c1d2ccb9128638802d7bb92176119410830ffaf

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\base_library.zip

                  Filesize

                  859KB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\libcrypto-1_1.dll

                  Filesize

                  3.3MB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\libssl-1_1.dll

                  Filesize

                  686KB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\python3.dll

                  Filesize

                  63KB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\python310.dll

                  Filesize

                  4.3MB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\select.pyd

                  Filesize

                  28KB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\sqlite3.dll

                  Filesize

                  1.4MB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\ucrtbase.dll

                  Filesize

                  987KB

                • C:\Users\Admin\AppData\Local\Temp\_MEI41282\unicodedata.pyd

                  Filesize

                  1.1MB

                • F:\DRM.Media.Tool.exe

                  Filesize

                  36.6MB
