Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    07/11/2024, 22:21

General

  • Target

    IndrasLock.exe

  • Size

    120.6MB

  • MD5

    fb2cab1db6333ccca939de6c56b90dbe

  • SHA1

    7a805d3639f3c9fd06167a976b30675ffdecfedd

  • SHA256

    20114329e2e82ffee6e51a8e39df132a4c4cbdf3a8b74b16b85b7b5626f6d76a

  • SHA512

    3779d0b5646747dc18538eb26404b1df9d3c84847a5d3b217c3f9d7e87da8b45fac51954079b047177df9849d8981c593f2e83133826b4e1390956d86ee81fa4

  • SSDEEP

    3145728:YzoRRxEo53x2rm9BIbqrWd62z/ei3Mlqt8h3FkX:Y2R/53xhydd62zWiclazX

Malware Config

Signatures

  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

  • Indicator Removal: Clear Persistence 1 TTPs 1 IoCs

    Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.

  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe
    "C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe
      "C:\Users\Admin\AppData\Local\Temp\IndrasLock.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2528
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -Command "New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' -Name NoLogoff -Value 1 -PropertyType DWORD -Force"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:384
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -Command "New-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name HideFastUserSwitching -Value 1 -PropertyType DWORD -Force"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3084
      • C:\serve.exe
        C:\serve.exe --startup=auto install
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3452
        • C:\serve.exe
          C:\serve.exe --startup=auto install
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4616
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c "schtasks /create /tn "locked" /tr "sc start locked" /sc onlogon /rl highest /RU System /f"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:3288
            • C:\Windows\system32\schtasks.exe
              schtasks /create /tn "locked" /tr "sc start locked" /sc onlogon /rl highest /RU System /f
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:3360
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c "schtasks /Query /XML /TN "locked""
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:3988
            • C:\Windows\system32\schtasks.exe
              schtasks /Query /XML /TN "locked"
              6⤵
              PID:2564
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c "schtasks /Delete /TN "locked" /F"
            5⤵
            • Indicator Removal: Clear Persistence
            • Suspicious use of WriteProcessMemory
            PID:1860
            • C:\Windows\system32\schtasks.exe
              schtasks /Delete /TN "locked" /F
              6⤵
              PID:3160
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c "schtasks /Create /TN "locked" /XML "C:\task.xml""
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1308
            • C:\Windows\system32\schtasks.exe
              schtasks /Create /TN "locked" /XML "C:\task.xml"
              6⤵
              • Scheduled Task/Job: Scheduled Task
              PID:680
  • C:\serve.exe
    "C:\serve.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\serve.exe
      "C:\serve.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4124
      • C:\locked.exe
        "C:\locked.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4952
        • C:\locked.exe
          "C:\locked.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2684
          • C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
            C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -version
            5⤵
            • Executes dropped EXE
            PID:5132
          • C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
            C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -i C:\Windows\TEMP\_MEI49522\background_MS.mp4 -pix_fmt rgb24 -vcodec rawvideo -f image2pipe -
            5⤵
            • Executes dropped EXE
            PID:3160
          • C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
            C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -ss 270.166667 -i C:\Windows\TEMP\_MEI49522\background_MS.mp4 -pix_fmt rgb24 -vcodec rawvideo -f image2pipe -ss 10.000000 -
            5⤵
            • Executes dropped EXE
            PID:5196
          • C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
            C:\Windows\TEMP\_MEI49522\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -i C:\Windows\TEMP\_MEI49522\background_MS.mp4 -pix_fmt rgb24 -vcodec rawvideo -f image2pipe -
            5⤵
            • Executes dropped EXE
            PID:5696

Network

MITRE ATT&CK Enterprise v15

Downloads

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\VCRUNTIME140.dll

              Filesize

              117KB

              MD5

              862f820c3251e4ca6fc0ac00e4092239

              SHA1

              ef96d84b253041b090c243594f90938e9a487a9a

              SHA256

              36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

              SHA512

              2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_bz2.pyd

              Filesize

              82KB

              MD5

              cb8c06c8fa9e61e4ac5f22eebf7f1d00

              SHA1

              d8e0dfc8127749947b09f17c8848166bac659f0d

              SHA256

              fc3b481684b926350057e263622a2a5335b149a0498a8d65c4f37e39dd90b640

              SHA512

              e6da642b7200bfb78f939f7d8148581259baa9a5edda282c621d14ba88083a9b9bd3d17b701e9cde77ad1133c39bd93fc9d955bb620546bb4fcf45c68f1ec7d6

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_decimal.pyd

              Filesize

              271KB

              MD5

              f3377f3de29579140e2bbaeefd334d4f

              SHA1

              b3076c564dbdfd4ca1b7cc76f36448b0088e2341

              SHA256

              b715d1c18e9a9c1531f21c02003b4c6726742d1a2441a1893bc3d79d7bb50e91

              SHA512

              34d9591590bba20613691a5287ef329e5927a58127ce399088b4d68a178e3af67159a8fc55b4fcdcb08ae094753b20dec2ac3f0b3011481e4ed6f37445cecdd5

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_hashlib.pyd

              Filesize

              62KB

              MD5

              32d76c9abd65a5d2671aeede189bc290

              SHA1

              0d4440c9652b92b40bb92c20f3474f14e34f8d62

              SHA256

              838d5c8b7c3212c8429baf612623abbbc20a9023eec41e34e5461b76a285b86c

              SHA512

              49dc391f4e63f4ff7d65d6fd837332745cc114a334fd61a7b6aa6f710b235339964b855422233fac4510ccb9a6959896efe880ab24a56261f78b2a0fd5860cd9

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_lzma.pyd

              Filesize

              154KB

              MD5

              1ba022d42024a655cf289544ae461fb8

              SHA1

              9772a31083223ecf66751ff3851d2e3303a0764c

              SHA256

              d080eabd015a3569813a220fd4ea74dff34ed2a8519a10473eb37e22b1118a06

              SHA512

              2b888a2d7467e29968c6bb65af40d4b5e80722ffdda760ad74c912f3a2f315d402f3c099fde82f00f41de6c9faaedb23a643337eb8821e594c567506e3464c62

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_socket.pyd

              Filesize

              81KB

              MD5

              fe896371430bd9551717ef12a3e7e818

              SHA1

              e2a7716e9ce840e53e8fc79d50a77f40b353c954

              SHA256

              35246b04c6c7001ca448554246445a845ce116814a29b18b617ea38752e4659b

              SHA512

              67ecd9a07df0a07edd010f7e3732f3d829f482d67869d6bce0c9a61c24c0fdc5ff4f4e4780b9211062a6371945121d8883ba2e9e2cf8eb07b628547312dfe4c9

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\auto.tcl

              Filesize

              20KB

              MD5

              8070296bc967f5d0f6b7026009a7eea1

              SHA1

              0a8e85ed9269819a1511a2c1843f8d391a70e87b

              SHA256

              14d904e4ec854add991a71abf263b36110ac2f01a625a70058deb1606f66ebca

              SHA512

              619c0970035e4ce0f3660e0cc4ebacfa3e85afea10526b1256fe22f68815cfcd8d5b2765fc8c086212d6d1cfc73f447c4595adfd48c2e52c7e2c852f808358c8

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\encoding\cp1252.enc

              Filesize

              1KB

              MD5

              e9117326c06fee02c478027cb625c7d8

              SHA1

              2ed4092d573289925a5b71625cf43cc82b901daf

              SHA256

              741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

              SHA512

              d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\http1.0\pkgIndex.tcl

              Filesize

              746B

              MD5

              a387908e2fe9d84704c2e47a7f6e9bc5

              SHA1

              f3c08b3540033a54a59cb3b207e351303c9e29c6

              SHA256

              77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339

              SHA512

              7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\init.tcl

              Filesize

              25KB

              MD5

              06cff726f594eddc36f5152824139625

              SHA1

              b102300c147b1d664f87ecf29343fdcd18b66bc5

              SHA256

              798732aee4e838670b9a4e37e3d6c4884019a1b101f9ab26344dd2e9bd179872

              SHA512

              be272de405740c5a0ccd09732dfbbfc5982506bce3a6fd1cc4fb37be1d9c787674f41265f8c1f6d8998f2b52cd09bf5ee10103446b9a6ef76a8a1d538b3c39ba

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\opt0.4\pkgIndex.tcl

              Filesize

              620B

              MD5

              9726d1c368576a0957c0ad45b3c1af1b

              SHA1

              57f751795eaa03af853c0bfd0aa77bde1d3a958b

              SHA256

              61ac4633062d17210bef868d94c25ed0bb9285df0de3e0cf4108f38e98a5b278

              SHA512

              61c63a159069de8f1717322910d1f1f4dba7950d4558703a65f50bb6739422250a5244d00acdd72e33dd3fc3c553630b34fb50c0921214d722102fc07c868ae2

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\package.tcl

              Filesize

              23KB

              MD5

              2a64c7b059b27472fdaede8e4d7606c6

              SHA1

              75248b9878b17b8c218f8e0c5000fad3203ff633

              SHA256

              b547022feb2a72d8251d2a467bcfc8487cd8fef10bcef884465fde49176f6e35

              SHA512

              556ee1703065fffcfd84828f0c075533029ceaf906979962197db581b598bd21071658776c6e2006b4e7e0b274da145f8c8aae09ce2a779f41af2d183d15331f

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\tclIndex

              Filesize

              5KB

              MD5

              9078aa0d1c876d910ed65e9837d08cd7

              SHA1

              f17aea3bb439afec1bb6bc1c7b81d72f4dc4c57c

              SHA256

              36ef92ddab00ee8e3219d6d4eaf0b11f33d6c33a2c6abc2c7de30c23e90acc40

              SHA512

              e0aa87a624fbb074acd2b390c2085df407f4959284fb0cdac41c25701679e9a47373f73c222842c23b88718cff725c022fbd205419bc51bfb95750d79ea7a322

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tcl_data\tm.tcl

              Filesize

              11KB

              MD5

              eb9b227fa756105f4b4444d551996c19

              SHA1

              4fc88aa018533a664e122ee39c37f6b44ed052ed

              SHA256

              a84cf30f218bb7bc793d1451a867a060f311f84b932601668b665c0f92a549c0

              SHA512

              cbf96d6b60cba4bd51173bf3f95fd8daa8575b9427de2fcb8ff130061ac164211da06c2cc6d6c483fa832cd6fb0c95e504d9fd35a4a0b5439837004da5a62f2d

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\button.tcl

              Filesize

              21KB

              MD5

              aeb53f7f1506cdfdfe557f54a76060ce

              SHA1

              ebb3666ee444b91a0d335da19c8333f73b71933b

              SHA256

              1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5

              SHA512

              acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\entry.tcl

              Filesize

              18KB

              MD5

              ce819200e8cd36e4458b4cf47cfe9107

              SHA1

              d04357d9e236f83bb0d2f5db97e9ee228c34ec80

              SHA256

              6ac78f764434f932d37e8183aa6db5d04eb1848b774c92f7abc243ecb7d4a59b

              SHA512

              6576612c380ab04fa75724c72108a2f386d7f75c9db7a082445778f675e268d0594280a7644aa9ff3ac3d29026327b84a0990ee0c7a9f94bbac3ae63cf91e1de

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\icons.tcl

              Filesize

              10KB

              MD5

              995a0a8f7d0861c268aead5fc95a42ea

              SHA1

              21e121cf85e1c4984454237a646e58ec3c725a72

              SHA256

              1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85

              SHA512

              db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\listbox.tcl

              Filesize

              14KB

              MD5

              804e6dce549b2e541986c0ce9e75e2d1

              SHA1

              c44ee09421f127cf7f4070a9508f22709d06d043

              SHA256

              47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801

              SHA512

              029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\menu.tcl

              Filesize

              39KB

              MD5

              994cbd4038eeef9991f7d6086904166f

              SHA1

              24c05d55e80ddc36fd207eeb7c0fa262573d67d2

              SHA256

              ae4ee8400174c798337b9c60867cbc94f811b249ebe6dea21ec6f960bcf5f8cb

              SHA512

              d1a9c8c89025b305af52f1510b3d4d2a3c556847d345844367ff34c89b917f1646de81f08994ea1697f8f8526d9fd2602f9ac440b52097cab5951901dbbd6ebd

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\panedwindow.tcl

              Filesize

              5KB

              MD5

              286c01a1b12261bc47f5659fd1627abd

              SHA1

              4ca36795cab6dfe0bbba30bb88a2ab71a0896642

              SHA256

              aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9

              SHA512

              d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\pkgIndex.tcl

              Filesize

              376B

              MD5

              2de9606b1f945cdb29c891a20a681351

              SHA1

              3856c58b73e7eb5e1313a3e50090db1798ca0f03

              SHA256

              1390f260ea7af5b0779549fa29615530ff9e3bc202806d2024ac644b1fac5dbc

              SHA512

              03de591bd1e9325effebf90c7206f6813a9ac9726b44c386055f878cd893c62ee5d6c709a299ef2368b67e139bfee2dc9f35010f4e57c55399f5a82e2fabab17

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\scale.tcl

              Filesize

              8KB

              MD5

              d45202d3d2d052d4c6bfe8d1322aab39

              SHA1

              8cdf184ac2e9299b2b2a107a64e9d1803aa298de

              SHA256

              0747a387fdd1b2c7135eceae7b392ed52e1d1ebf3ffa90febe886dbc0981eb74

              SHA512

              27b005f955bae00d15c4492e7bd3ebdc5ee3bf9c164c418198b4bd185709c8810aa6cf76cbcc07eeb4c1d20f8c76ef8df8b219563c18b88c94954c910bff575d

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\scrlbar.tcl

              Filesize

              12KB

              MD5

              5249cd1e97e48e3d6dec15e70b9d7792

              SHA1

              612e021ba25b5e512a0dfd48b6e77fc72894a6b9

              SHA256

              eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f

              SHA512

              e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\spinbox.tcl

              Filesize

              16KB

              MD5

              eaa36f0aa69ae19ddbdd0448fbad9d4d

              SHA1

              eb0adb4f4d937bac2f17480adaf6f948262e754d

              SHA256

              747889c3086c917a34554a9dc495bc0c08a03fd3a5828353ed2a64b97f376835

              SHA512

              c8368f19ec6842ed67073b9fc9c9274107e643324cb23b28c54df63fb720f63b043281b30dbea053d08481b0442a87465f715a8aa0711b01ce83ff7b9f8a4f4c

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\text.tcl

              Filesize

              34KB

              MD5

              016613531555c4f30f670dab58f10b3d

              SHA1

              3afc8aa3e10950d79d1003b0810f2e0dc2135eb9

              SHA256

              f7ecc5ae6eb297c79aad5cfc200b29c4e72409641fa369c5cdbba30ae41e982a

              SHA512

              c5d071fc8cb68c5985e74ab7e90367e9261b291474689c37abd7f921716053e9d5e9446a45c5e91f3bb927589270e818e22e2d675acbe04e0627ecd5d532bc05

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\tk.tcl

              Filesize

              23KB

              MD5

              2261cb7d57c972c2418cd222b83265f7

              SHA1

              a62466c2a678d341b6bd03be8be45c7ab84cc14e

              SHA256

              aea1f1f01e2df0cccd8c2010c4035deea297424a9174383e5ee016eb25484e5a

              SHA512

              92cf1bd11e6b819e69bccb237865092abcee95383f9158c9fe10aab0d48888279d9ad4cf51b567db214d99960e8fb21899085e3d77f1a297dbcafa38f0cb322a

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\altTheme.tcl

              Filesize

              3KB

              MD5

              01f28512e10acbddf93ae2bb29e343bc

              SHA1

              c9cf23d6315218b464061f011e4a9dc8516c8f1f

              SHA256

              ae0437fb4e0ebd31322e4eaca626c12abde602da483bb39d0c5ee1bc00ab0af4

              SHA512

              fe3bae36ddb67f6d7a90b7a91b6ec1a009cf26c0167c46635e5a9ceaec9083e59ddf74447bf6f60399657ee9604a2314b170f78a921cf948b2985ddf02a89da6

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\button.tcl

              Filesize

              2KB

              MD5

              d4bf1af5dcdd85e3bd11dbf52eb2c146

              SHA1

              b1691578041319e671d31473a1dd404855d2038b

              SHA256

              e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf

              SHA512

              25834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\classicTheme.tcl

              Filesize

              3KB

              MD5

              0205663142775f4ef2eb104661d30979

              SHA1

              452a0d613288a1cc8a1181c3cc1167e02aa69a73

              SHA256

              424bba4fb6836feebe34f6c176ed666dce51d2fba9a8d7aa756abcbbad3fc1e3

              SHA512

              fb4d212a73a6f5a8d2774f43d310328b029b52b35bee133584d8326363b385ab7aa4ae25e98126324cc716962888321e0006e5f6ef8563919a1d719019b2d117

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\combobox.tcl

              Filesize

              12KB

              MD5

              f7065d345a4bfb3127c3689bf1947c30

              SHA1

              9631c05365b0f5a36e4ca5cba83628ccd7fcbde1

              SHA256

              68eed4af6d2ec5b3ea24b1122a704b040366cbe2f458103137479352ffa1475a

              SHA512

              74b99b9e326680150dd5ec7263192691bcd8a71b2a4ee7f3177deddd43e924a7925085c6d372731a70570f96b3924450255b2f54ca3b9c44d1160ca37e715b00

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\cursors.tcl

              Filesize

              4KB

              MD5

              1a799fe3754307a5aade98c367e2f5d7

              SHA1

              c64be4b77f0d298610f4ee20fcebbaee3c8b5f22

              SHA256

              5b33f32b0139663347d6cf70a5a838f8e4554e0e881e97c8478b77733162ea73

              SHA512

              89f367f9a59730bcdfc5abde0e35a10b72a1f19c68a768ba4524c938ef5c5caf094c1bfa8fc74173f65201f6617544223c2143252a9f691ee9aaa7543315179f

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\defaults.tcl

              Filesize

              4KB

              MD5

              fc79f42761d63172163c08f0f5c94436

              SHA1

              aabab4061597d0d6dc371f46d14aaa1a859096df

              SHA256

              49ae8faf169165bddaf01d50b52943ebab3656e9468292b7890be143d0fcbc91

              SHA512

              f619834a95c9deb93f8184bcc437d701a961c77e24a831adbd5c145556d26986bfda2a6acb9e8784f8b2380e122d12ac893eb1b6acf03098922889497e1ff9ea

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\entry.tcl

              Filesize

              17KB

              MD5

              dbcedd7bfb63a55c210c25dcf230c657

              SHA1

              b05cf01453a22016995627176f6339068c58ba01

              SHA256

              f2cacb1b3a941cc7079627644e91f0d4729bf820c481c8ce7fa28c952b803e4d

              SHA512

              7f8e9a7d80b463d9cec791ef59b1a27f8acec95ceede45eca06c4dbf9ba805c2c1aee19a0118709ee47768f1b735a74a32b35fb9d8559d94da77c71e4ec5d117

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\fonts.tcl

              Filesize

              5KB

              MD5

              8514cf728a5782e457c50d7c61740ce5

              SHA1

              ede61c428d1865f10ae093d5c4bef29c0ec7e8ce

              SHA256

              6574067a91858506460ac44ddf8cf9270e81d67b2feff2a43b4d5f774568a5ec

              SHA512

              2e24f15887193ffb884ab6af9ecf619ef913e3f6c6dfb0fc980bfb59a57ffec56b68dd36935a2998fbc66d12ef40a58dc3b3f278ec0e21d84dffead6a80c4c96

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\menubutton.tcl

              Filesize

              6KB

              MD5

              aec91dd23de04196af5eb31e8bbd0946

              SHA1

              bdf5a5a42a147d7484e5a2966ea949fa68f52348

              SHA256

              0935fb97b6628f055baeb2e2babbf2a6c8905260e1107972b0e7a1df0752e180

              SHA512

              6ea4a2ec378e6cbabbf8ff20fb1cad0c68a90e5089f20d195fef2ee4ff9259bd3b622378e7203bd238402140f7eab7e316b8a8f9c4b6c0d3d3acbe81f0a25ea4

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\notebook.tcl

              Filesize

              5KB

              MD5

              39aec76c4e7b810873545c6a137accf3

              SHA1

              165372dccdd018d980aa2167094a4e0fa82b65f1

              SHA256

              b1210147f9daf3068de3d28d4b18c04ecfa8c8574e3e0ad275c1d0d75e9a99b2

              SHA512

              759436ca4462df6c217f1502d1350735004edd31472fdaa9860f3fd8fbc2f4978be2b5a57993c37b9dce4a8237840f50d620ba95c22900f658b29a2ac38a5218

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\panedwindow.tcl

              Filesize

              2KB

              MD5

              848a62bcf6ed3c16a8cfd26c43e1bc4e

              SHA1

              6f5e3edf62716b511cf575be2c6c997afa2fa1e7

              SHA256

              20ee6ad9d701709724292a926af93c93784b254b48a656ecc140ef3a0fe10a11

              SHA512

              ae78028eaf96e5b77deff0cd655360db3a8058ac98b6753d9b77d629edffc582999a22a7075b9f5ba83ee65da093e2ccb0eeaa4049898910d7af517fde60b28e

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\progress.tcl

              Filesize

              1KB

              MD5

              dbf3bf0e8f04e9435e9561f740dfc700

              SHA1

              c7619a05a834efb901c57dcfec2c9e625f42428f

              SHA256

              697cc0a75ae31fe9c2d85fb25dca0afa5d0df9c523a2dfad2e4a36893be75fba

              SHA512

              d3b323dfb3eac4a78da2381405925c131a99c6806af6fd8041102162a44e48bf166982a4ae4aa142a14601736716f1a628d9587e292fa8e4842be984374cc192

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\scale.tcl

              Filesize

              2KB

              MD5

              f1c33cc2d47115bbecd2e7c2fcb631a7

              SHA1

              0123a961242ed8049b37c77c726db8dbd94c1023

              SHA256

              b909add0b87fa8ee08fd731041907212a8a0939d37d2ff9b2f600cd67dabd4bb

              SHA512

              96587a8c3555da1d810010c10c516ce5ccab071557a3c8d9bd65c647c7d4ad0e35cbed0788f1d72bafac8c84c7e2703fc747f70d9c95f720745a1fc4a701c544

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\scrollbar.tcl

              Filesize

              3KB

              MD5

              3fb31a225cec64b720b8e579582f2749

              SHA1

              9c0151d9e2543c217cf8699ff5d4299a72e8f13c

              SHA256

              6eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8

              SHA512

              e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\sizegrip.tcl

              Filesize

              2KB

              MD5

              dd6a1737b14d3f7b2a0b4f8be99c30af

              SHA1

              e6b06895317e73cd3dc78234dd74c74f3db8c105

              SHA256

              e92d77b5cdca2206376db2129e87e3d744b3d5e31fde6c0bbd44a494a6845ce1

              SHA512

              b74ae92edd53652f8a3db0d84c18f9ce9069805bcab0d3c2dbb537d7c241aa2681da69b699d88a10029798d7b5bc015682f64699ba475ae6a379eef23b48daaf

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\spinbox.tcl

              Filesize

              4KB

              MD5

              9c2833faa9248f09bc2e6ab1ba326d59

              SHA1

              f13cf048fd706bbb1581dc80e33d1aad910d93e8

              SHA256

              df286bb59f471aa1e19df39af0ef7aa84df9f04dc4a439a747dd8ba43c300150

              SHA512

              5ff3be1e3d651c145950c3fc5b8c2e842211c937d1042173964383d4d59ecf5dd0ec39ff7771d029716f2d895f0b1a72591ef3bf7947fe64d4d6db5f0b8abffb

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\treeview.tcl

              Filesize

              9KB

              MD5

              f705b3a292d02061da0abb4a8dd24077

              SHA1

              fd75c2250f6f66435444f7deef383c6397ed2368

              SHA256

              c88b60ffb0f72e095f6fc9786930add7f9ed049eabc713f889f9a7da516e188c

              SHA512

              09817638dd3d3d5c57fa630c7edf2f19c3956c9bd264dbf07627fa14a03aecd22d5a5319806e49ef1030204fadef17c57ce8eae4378a319ad2093321d9151c8f

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\ttk.tcl

              Filesize

              4KB

              MD5

              af45b2c8b43596d1bdeca5233126bd14

              SHA1

              a99e75d299c4579e10fcdd59389b98c662281a26

              SHA256

              2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b

              SHA512

              c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tk_data\ttk\utils.tcl

              Filesize

              8KB

              MD5

              51086bc3315a4ae4a8591a654cfc3cea

              SHA1

              2ac08309c63575b7a01fa62d3c262643cd8c823a

              SHA256

              4aa041c050758b3331dc395381f7fbce81e387908fc7a3c6107c4e7140f56f2e

              SHA512

              6d69f7eac9d5af3b3ea85ae3e74bdfa6278789502d5e35efe94349bfc543503be7540d783d2632e349dd53f21074c702ac1fc487ee70c74234a08397f7238723

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\_tkinter.pyd

              Filesize

              64KB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\base_library.zip

              Filesize

              1.3MB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\libcrypto-3.dll

              Filesize

              5.0MB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\python313.dll

              Filesize

              5.8MB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\select.pyd

              Filesize

              30KB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\tcl86t.dll

              Filesize

              1.7MB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\tcl8\8.5\msgcat-1.6.1.tm

              Filesize

              34KB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\tk86t.dll

              Filesize

              1.5MB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\unicodedata.pyd

              Filesize

              693KB

            • C:\Users\Admin\AppData\Local\Temp\_MEI5482\zlib1.dll

              Filesize

              142KB

            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w5mpbggh.kzb.ps1

              Filesize

              60B
