6fa8356f35968afc15ecb036d17e197dfc310fcd5a42fa952183bd4b5a37fc36

Analysis

max time kernel
109s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TeddyPcFiles/Teddy PC (main).exe
Size

15.4MB
MD5

9476e32ffbaab14a58b721a28f6610ac
SHA1

47c39dcb14418da9d0b8c2e7cb5fbdae4f451f06
SHA256

da47548e770e8f1f2f3ea4805abc0c014a6050a0e9c97112ea0f20a25c4a2b05
SHA512

063bc342e6d99f15bec0621c6551db43c67d0af79fcab32eb99fd77f5f378813037c2bd0284fc578a50053e9634cffd584d8f944016f21f37ede7e89c7a59037
SSDEEP

196608:gD9XaO93xXh04A1HeT39IigwIc0/ajaA0W8/LV2ck3FR0XSOq33NUqfEx:NeXh0h1+TtIiFU/MaHW8p2D0fg62Ex

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 33 IoCs

pid	Process
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe
3164	Teddy PC (main).exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4800	msedge.exe
4800	msedge.exe
428	msedge.exe
428	msedge.exe
4560	identity_helper.exe
4560	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 3164	3400	Teddy PC (main).exe	82
PID 3400 wrote to memory of 3164	3400	Teddy PC (main).exe	82
PID 3164 wrote to memory of 456	3164	Teddy PC (main).exe	83
PID 3164 wrote to memory of 456	3164	Teddy PC (main).exe	83
PID 3164 wrote to memory of 428	3164	Teddy PC (main).exe	95
PID 3164 wrote to memory of 428	3164	Teddy PC (main).exe	95
PID 428 wrote to memory of 1392	428	msedge.exe	96
PID 428 wrote to memory of 1392	428	msedge.exe	96
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 2416	428	msedge.exe	97
PID 428 wrote to memory of 4800	428	msedge.exe	98
PID 428 wrote to memory of 4800	428	msedge.exe	98
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99
PID 428 wrote to memory of 2372	428	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe
"C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe
  "C:\Users\Admin\AppData\Local\Temp\TeddyPcFiles\Teddy PC (main).exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/api/redirect?clientId=3446cd72694c4a4485d81b77adbb2141&responseType=code
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8187846f8,0x7ff818784708,0x7ff818784718
      4⤵
      PID:1392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      4⤵
      PID:2416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
      4⤵
      PID:2372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:3904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
      4⤵
      PID:208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
      4⤵
      PID:2948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
      4⤵
      PID:2748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
      4⤵
      PID:4628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13225715725868776116,7367543760764302888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
      4⤵
      PID:864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
fa88c3bfda3b1796f85a6a584c6d1aa7

SHA1
84d491531661b24cf143c3ec93cadcd5577c3424

SHA256
9868ffd2c601b0c0c34326e353e44641cb4ef25177773db6c1d9a576551ad74d

SHA512
4d32859e058d66d523fe873dfa5a60aa1566211758ac62e74ceb6afeb177d9444566bbb57886cd82f062f934b43619ca132f3ad1b306f7a9eb0800e6d949c78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f765a8a3618836669ba97b96b871477

SHA1
a9a8a00c5315a51271f60e2b8c0c6d637c57234e

SHA256
89d010af15a46d501ca73df974b344d89373249aab3289678a28189b92fe3563

SHA512
1f700806d8dcd54d6d34b9c1e2c1b7e91c5772947f096aaeea34a48c9541929f9997161924897b64e4025715f456d3bf58f56630567b97e886741b7ce4c95340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e52594708ba8650aaabab3cd527af51

SHA1
6740f20cb0e69462868baf1c9562fe740a08bf29

SHA256
99c9acda9ca25aabe436240cd84bd591ed67fb371dff63ac84fd644152e4cf37

SHA512
83f556e83ae72aa0d88c2cf2026eefdbd75e67520c3d08220ae630e3106577e7eba386632a186f1b6e68ccc45aac8c981610399b3d919afcde4f6805f2cedc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b408e8115b63ee9c540aaafdedcd08f1

SHA1
ae222107b5fb94da0cfcacaec99678eeb8c4c4a6

SHA256
f2553498a249bf2af00e4cccd4eb5cc95f5749a1af3e7844fff3637bbf3c85bc

SHA512
b4d708fc827a556a2e8dc01d7d1bfe5b4b453bc0e6014202c9d1096db7ed582e3ff52eadeddc7654d19b1b09d8b74f733dec5a5f6cc542f8418c7c202d8169b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e2371ec5c62f67654ce77908447f131

SHA1
d8bdfacd8963859d9fddca5f72dff949440735a2

SHA256
fc6ab8181c8cc9c6c5c42eabe51a8781b9d10491a59b9f5c930ff1844163fdeb

SHA512
b58fa42139f3f417df657e610876ed745173d864de6e8b4bd9e4b9ec91b8480ea36bca2e01e9ca56cf10284eee0a19e97b6394ca2ef3e77346e4c2d4e81968a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e0a665c6d2db810fd4c018c9879892ef

SHA1
03cbd1fdcd42b7fe55f835edffb406685fd83118

SHA256
575933e2e1402e2db6694fbeb11ec6d708a6239ebcb3350b930d3600716e42c3

SHA512
312c7e0d13c1eb96231d5d93b60711caf1341793d51f781b8fa682c647f1e94c997d3a68ec8206cb9b3c72d65fae44fafef8b542054a6bc4ea2209a8517f99ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\CopyAuthCodeImage.png

Filesize
13KB

MD5
8013d237df05fd4e4c56a2735b666464

SHA1
f48c1b06aedf324c14b98935461f3cf1d5cdb5ab

SHA256
61199bfa141342ece07c99b1bd37484f569c0952672816fa8ebfcb34fd209898

SHA512
e783c88c7a1082ef975222db6e7ec49009e311297ccc2e66895420447d10b2b9c331cee1f308ec37b6db9eab842982fd75d76f1530ced9d5c81e7a38cad708b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\PIL\_imaging.cp311-win_amd64.pyd

Filesize
2.5MB

MD5
f9439d732c0e23bb3e5946766b9b25ac

SHA1
b94ca1150ec3a4c1e89dd5dba8677a144ee02683

SHA256
9303b4219aca0e644cf6745a040a32f9971064014553a39162b099d14032b52b

SHA512
d90df0ebde0d8a814b18d714df03b930a964ba0582db48bc5ac13f3ab12f3f6ead6d399a28b7a8a4b569039000cb397022427874d7293353058b0747f24c5502

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\TeddyLauncherIcon.ico

Filesize
158KB

MD5
3151f5be4d073c7a25f5c492a4b99874

SHA1
6bb05a280ae97e5e4e6f5eb96c94c2f9fa61ecb4

SHA256
db6a580afeb112af6abc4091f8cdb2f4275fb6fde5f02549ff3771db2d78c4b0

SHA512
3d3d0274dc31399f6048aa3c211bb94c6a703cca808b01efbd621d5d3490db9acb80a19d6e56b273f422760c434bc4ae904355137904ee202d2cf164616b31da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_asyncio.pyd

Filesize
63KB

MD5
41806866d74e5edce05edc0ad47752b9

SHA1
c3d603c029fdac45bac37bb2f449fab86b8845dd

SHA256
76db93bd64cb4a36edb37694456f89bb588db98cf2733eb436f000b309eec3b2

SHA512
2a019efaf3315b8b98be93ac4bea15cec8b9ecc6eab298fa93d3947bad2422b5a126d52cb4998363bdc82641fba9b8f42d589afe52d02914e55a5a6116989fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_bz2.pyd

Filesize
82KB

MD5
37eace4b806b32f829de08db3803b707

SHA1
8a4e2bb2d04685856d1de95b00f3ffc6ea1e76b9

SHA256
1be51ef2b5acbe490217aa1ff12618d24b95df6136c6844714b9ca997b4c7f9b

SHA512
1591a263de16373ee84594943a0993721b1e1a2f56140d348a646347a8e9760930df4f632adcee9c9870f9c20d7818a3a8c61b956723bf94777e0b7fb7689b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_ctypes.pyd

Filesize
121KB

MD5
a25cdcf630c024047a47a53728dc87cd

SHA1
8555ae488e0226a272fd7db9f9bdbb7853e61a21

SHA256
3d43869a4507ed8ece285ae85782d83bb16328cf636170acb895c227ebb142ac

SHA512
f6a4272deddc5c5c033a06e80941a16f688e28179eab3dbc4f7a9085ea4ad6998b89fc9ac501c5bf6fea87e0ba1d9f2eda819ad183b6fa7b6ddf1e91366c12af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_decimal.pyd

Filesize
247KB

MD5
e4e032221aca4033f9d730f19dc3b21a

SHA1
584a3b4bc26a323ce268a64aad90c746731f9a48

SHA256
23bdd07b84d2dbcb077624d6dcbfc66ab13a9ef5f9eebe31dc0ffece21b9e50c

SHA512
4a350ba9e8481b66e7047c9e6c68e6729f8074a29ef803ed8452c04d6d61f8f70300d5788c4c3164b0c8fb63e7c9715236c0952c3166b606e1c7d7fff36b7c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_hashlib.pyd

Filesize
63KB

MD5
ba682dfcdd600a4bb43a51a0d696a64c

SHA1
df85ad909e9641f8fcaa0f8f5622c88d904e9e20

SHA256
2ad55e11bddb5b65cdf6e9e126d82a3b64551f7ad9d4cbf74a1058fd7e5993bd

SHA512
79c607e58881d3c3dfb83886fe7aa4cddb5221c50499d33fe21e1efb0ffa1fd0d3f52cbe97b16b04fbe2b067d6eb5997ac66dec9d2a160d3cb6d44ffca0f5636

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_lzma.pyd

Filesize
155KB

MD5
3273720ddf2c5b75b072a1fb13476751

SHA1
5fe0a4f98e471eb801a57b8c987f0feb1781ca8b

SHA256
663f1087c2ed664c5995a3ffa64546d2e33a0fce8a9121b48cc7c056b74a2948

SHA512
919dbbfcc2f5913655d77f6c4ae9baa3a300153a5821dc9f23e0aceb89f69cb9fb86d6ce8f367b9301e0f7b6027e6b2f0911a2e73255ab5150a74b862f8af18e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_multiprocessing.pyd

Filesize
33KB

MD5
758128e09779a4baa28e68a8b9ee2476

SHA1
4e81c682cf18e2a4b46e50f037799c43c6075f11

SHA256
3c5b0823e30810aee47fdfad567491bc33dd640c37e35c8600e75c5a8d05ce2a

SHA512
5096f0daacf72012a7ad08b177c366b4fe1ded3a18aebfe438820b79c7cb735350ef831a7fb7d10482eefd4c0b8a41511042bb41f4507bbc0332c52df9288088

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_overlapped.pyd

Filesize
50KB

MD5
e2a301b3fd3bdfec3bf6ca006189b2ac

SHA1
86b29ee1a42de70135a6786cdce69987f1f61193

SHA256
4990f62e11c0a5ab15a9ffce9d054f06d0bc9213aea0c2a414a54fa01a5eb6dc

SHA512
4e5493cc4061be923b253164fd785685d5eccf16fd3acb246b9d840f6f7d9ed53555f53725af7956157d89eaa248a3505c30bd88c26e04aabdae62e4774ffa4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_queue.pyd

Filesize
31KB

MD5
284fbc1b32f0282fc968045b922a4ee2

SHA1
7ccea7a48084f2c8463ba30ddae8af771538ae82

SHA256
ac3b144d7d7c8ee39f29d8749c5a35c4314b5365198821605c883fd11807e766

SHA512
baa75f7553cf595ad78c84cbb0f2a50917c93596ece1ff6221e64272adc6facdd8376e00918c6c3246451211d9dfc66442d31759bd52c26985c7f133cf011065

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_socket.pyd

Filesize
77KB

MD5
485d998a2de412206f04fa028fe6ba90

SHA1
286e29d4f91a46171ba1e3c8229e6de94b499f1d

SHA256
8f9ede5044643413c3b072cd31a565956498ca07cdd17fb6a04483d388fdad76

SHA512
68591522e9188f06ff81cd2b3506b40b9ad508d6e34f0111819bf5eff47ed9adf95ebfae5d05b685c4f53b186d15cc45e0d831d96be926f7a5762ee2f1341f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_ssl.pyd

Filesize
172KB

MD5
e5b1a076e9828985ea8ea07d22c6abd0

SHA1
2a2827938a490cd847ea4e67e945deb4eef8cbb1

SHA256
591589dadc659d1ad4856d16cd25dc8e57eaa085bf68eb2929f8f93aba69db1b

SHA512
0afd20f581efb08a7943a1984e469f1587c96252e44b3a05ca3dfb6c7b8b9d1b9fd609e03a292de6ec63b6373aeacc822e30d550b2f2d35bf7bf8dd6fc11f54f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_tkinter.pyd

Filesize
62KB

MD5
b9433c77e6b04532ac587056d21947c2

SHA1
0bcbf7b0ae1c3b815788b62879384217d9744abf

SHA256
a3488d90b5493dd0af5054750194cdeafbf05db42e881c78d92449932565308d

SHA512
a0fcbf898038f2337db8b2aa5873e3fd8970f5f7d01725e9a20be091985495feab01d7dc7b8a6b7ab898d2875566029fd3d217883a1301bf67f8c4288bb29b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\_uuid.pyd

Filesize
24KB

MD5
b21b864e357ccd72f35f2814bd1e6012

SHA1
2ff0740c26137c6a81b96099c1f5209db33ac56a

SHA256
ce9e2a30c20e6b83446d9ba83bb83c5570e1b1da0e87ff467d1b4fc090da6c53

SHA512
29667eb0e070063ef28b7f8cc39225136065340ae358ad0136802770b2f48ac4bda5e60f2e2083f588859b7429b9ea3bad1596a380601e3b2b4bb74791df92a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\aiohttp\_helpers.cp311-win_amd64.pyd

Filesize
53KB

MD5
e3d1b83909f6f1eee896ac57bb24bbdf

SHA1
20992879399bee44184240d5091172882da1019e

SHA256
c0dafa83e6cb70a399028ce9d1f20931a597e11a8854e2fddb1fd90129d6da55

SHA512
b4ae7f50f14795edfb355ed1fdfdf4902283b0b354d801bf440ca47e4ae55a8f990392c1f515e55b145ee414c8522382b67a5b7da0630b232fffa88f89cef033

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\aiohttp\_http_parser.cp311-win_amd64.pyd

Filesize
249KB

MD5
5b1b2e84229d6156b45ac9c2f3a8e779

SHA1
02101e65d75b6b74251632cb1d854da7da813955

SHA256
ba8405808a14825cbc4c41968e21dae0bdfff7adcc30407c24de45dbdb6c124a

SHA512
ed8a8f8cd54c0f2096c985e6648b82664c1eca8153f59b2971700350576458536f29ac94f5c2848e661d08eacd10809376adc7b0e4b15c86becaa342b21bffa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\aiohttp\_http_writer.cp311-win_amd64.pyd

Filesize
48KB

MD5
1351a17fe8b2915c7b939f85ed80eb11

SHA1
480eac8f353e4a32c0d0ccf8a7d5fcec14a56137

SHA256
29f767807ea5a9a463cbec1f4cd5b435e0e9259f7e43206dec15e6c7139352f8

SHA512
a7c3d2382cfab1c5e856fd53115f074197a35b12d8e373d75709d48a68e88467c26e71df92864ab249ebbb82b8edd3933bb9a76d97a7aa4def64a97d41d2f21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\aiohttp\_websocket.cp311-win_amd64.pyd

Filesize
35KB

MD5
7a783b3600b6c90ed11078bc9d25e78b

SHA1
da19a65ba602658805ea5800de0f2089e002978e

SHA256
c93ecab23a1d0d1088aa3b8c6273ca4ee2df9593d3c167d13dfb79bfc155b60e

SHA512
80a7a9b47d75e1269c4ced87a196402dc16ec71e231d8e8841bb14aabaec0ae6b0338a659654af9d3068ec81f2ee439d342410192c65bf900181d0189f3684c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\base_library.zip

Filesize
1.4MB

MD5
852a31cacf70f1eb49e7141dd8ba3467

SHA1
e95f27b99b94c4aa38b3cd57abad60beba7910ae

SHA256
4a19b01c865bfb5d8a96e772d7986dc3aa9af72adf6ab20702538b7f38c2404b

SHA512
b752313e966a6729da337fa542e63f62b2942381a2edbb70fa865b3f62af232858394720682283110cba12736a662ce156636a3ed9e3e0e4478516d5fe9ed7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\customtkinter\assets\themes\blue.json

Filesize
4KB

MD5
05eb3947ce9a8c3bef66c14d0f938671

SHA1
06ffc811ee51609809d88894022e222b339aefee

SHA256
c9417470c16ced7a43d6c4a8e027afa6edc62c24d5aee7c4c2dcd11385964d3b

SHA512
4db7c14fba78185edf6459016608cb8fa0a250dfb48432c552bb4e0466cf49622b34d847e17c254bb1c8d15bf365e91bce3ede552ba8733fde9d21779f7f1c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\frozenlist\_frozenlist.cp311-win_amd64.pyd

Filesize
84KB

MD5
19a838a9f6b71d405c025c762ec67b9d

SHA1
2871b1ab459f6e4e10ba00553e7a7bb1c27a0588

SHA256
0f7538441c1668248618ee15d11414ce68642c2cbdd1636b903ecefacf88652d

SHA512
5d7b31b4ac745ea4815be122c622989fa408adaeb2f3ba37a9495497e58467dffbeb6d9cd595d49c82cae83e5869ad9a643dd9ca691f46761eb3a20a28d73a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\multidict\_multidict.cp311-win_amd64.pyd

Filesize
45KB

MD5
53c003dec693f83c57f326b6df5d5f05

SHA1
6977ebcbf74a039501825697021c504d7cc63928

SHA256
32555defdb044714dbaaec281820fa7a0c226545d40561b905294d2e0bdba102

SHA512
2c4b9dff022d25906981d52f68a9bda8e7840597bea6cbea9bc8036392dea56fbecaedcd1b9f6547074c28b018266e424ca0ae8e66bad947544a8571f83fd2f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\pyexpat.pyd

Filesize
193KB

MD5
d7ecc2746314fec5ca46b64c964ea93e

SHA1
39fc49d4058a65f0aa4fbdc3d3bcc8c7beecaa01

SHA256
58b95f03a2d7ec49f5260e3e874d2b9fb76e95ecc80537e27abef0c74d03cb00

SHA512
d5a595aaf3c7603804deae4d4cc34130876a4c38ccd9f9f29d8b8b11906fa1a03dd9a1f8f5dbde9dc2c62b89fe52dfe5b4ee409a8d336edf7b5b8141d12e82d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\python311.dll

Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\select.pyd

Filesize
29KB

MD5
e07ae2f7f28305b81adfd256716ae8c6

SHA1
9222cd34c14a116e7b9b70a82f72fc523ef2b2f6

SHA256
fb06ac13f8b444c3f7ae5d2af15710a4e60a126c3c61a1f1e1683f05f685626c

SHA512
acb143194ca465936a48366265ae3e11a2256aeae333c576c8c74f8ed9b60987daff81647aef74e236b30687a28bc7e3aa21c6aedbfa47b1501658a2bfd117b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\unicodedata.pyd

Filesize
1.1MB

MD5
5cc36a5de45a2c16035ade016b4348eb

SHA1
35b159110e284b83b7065d2cff0b5ef4ccfa7bf1

SHA256
f28ac3e3ad02f9e1d8b22df15fa30b2190b080261a9adc6855248548cd870d20

SHA512
9cccbf81e80c32976b7b2e0e3978e8f7350cce542356131b24ebab34b256efd44643d41ee4b2994b9152c2e5af302aa182a1889c99605140f47494a501ef46c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34002\yarl\_quoting_c.cp311-win_amd64.pyd

Filesize
93KB

MD5
3ccc89b98dab137bc5af9c1e62923829

SHA1
55d93e9782094925d80e4ce27d13a0a9761b7002

SHA256
40e91aaa369a5c171c0d30630707ae9bb64412fedf149aeecfa5707a2324f770

SHA512
4ebe427c75d83c019f8d378a030ae21e07decf30cd10623115eb0cc6ad7a689159e95c7fabac82ce82cea3720fae6c6faf712b600236dad039255884872eb6c0

Download Submit