aec50782c53887f5ba0eb2cef1708e0ab4a2521dd07cc89f751d167de3071ccf

Analysis

max time kernel
80s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02/01/2025, 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

43.6MB
MD5

028ee153ee95f488838dedf67617f82b
SHA1

a98ac5480c8020c28600dc53468c57ceb3b384a2
SHA256

aec50782c53887f5ba0eb2cef1708e0ab4a2521dd07cc89f751d167de3071ccf
SHA512

546242939ec77c82e25306e2e3f8055216b23eb0a735dff53ff707f3c2c30b33a6bba7fa38e45eca9957cf8819c12921e4fc3e58564d8af9f9facb36fc116926
SSDEEP

786432:t9Yidhp3OEVl8ZFW8qNuwq3ObRqza1QtIX02j6+s7LWB75zuXVgxCuA1KsMrSNm9:t9JxSFWhu3CRsmiIk2qHWB75ilZZ8QN8

Score

9^/10

evasion execution persistence pyinstaller

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	AlexProject.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	AlexProject.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5032	powershell.exe
4100	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
1940	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
1424	AlexProject.exe
1888	AlexProject.exe

Loads dropped DLL 64 IoCs

pid	Process
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AlexProject = "C:\\Users\\Admin\\AlexProjectFolder\\AlexProject.exe"	source_prepared.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
2	discord.com

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x001a00000002b0c4-2206.dat	pyinstaller

Kills process with taskkill 1 IoCs

evasion

pid	Process
3652	taskkill.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
2460	source_prepared.exe
5032	powershell.exe
5032	powershell.exe
1888	AlexProject.exe
1888	AlexProject.exe
1888	AlexProject.exe
1888	AlexProject.exe
4100	powershell.exe
4100	powershell.exe
4872	powershell.exe
4872	powershell.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeDebugPrivilege	2460	source_prepared.exe
Token: SeDebugPrivilege	5032	powershell.exe
Token: SeDebugPrivilege	3652	taskkill.exe
Token: SeDebugPrivilege	1888	AlexProject.exe
Token: SeDebugPrivilege	4100	powershell.exe
Token: SeDebugPrivilege	4872	powershell.exe
Token: SeIncreaseQuotaPrivilege	4872	powershell.exe
Token: SeSecurityPrivilege	4872	powershell.exe
Token: SeTakeOwnershipPrivilege	4872	powershell.exe
Token: SeLoadDriverPrivilege	4872	powershell.exe
Token: SeSystemProfilePrivilege	4872	powershell.exe
Token: SeSystemtimePrivilege	4872	powershell.exe
Token: SeProfSingleProcessPrivilege	4872	powershell.exe
Token: SeIncBasePriorityPrivilege	4872	powershell.exe
Token: SeCreatePagefilePrivilege	4872	powershell.exe
Token: SeBackupPrivilege	4872	powershell.exe
Token: SeRestorePrivilege	4872	powershell.exe
Token: SeShutdownPrivilege	4872	powershell.exe
Token: SeDebugPrivilege	4872	powershell.exe
Token: SeSystemEnvironmentPrivilege	4872	powershell.exe
Token: SeRemoteShutdownPrivilege	4872	powershell.exe
Token: SeUndockPrivilege	4872	powershell.exe
Token: SeManageVolumePrivilege	4872	powershell.exe
Token: 33	4872	powershell.exe
Token: 34	4872	powershell.exe
Token: 35	4872	powershell.exe
Token: 36	4872	powershell.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 2460	3172	source_prepared.exe	77
PID 3172 wrote to memory of 2460	3172	source_prepared.exe	77
PID 2460 wrote to memory of 3144	2460	source_prepared.exe	78
PID 2460 wrote to memory of 3144	2460	source_prepared.exe	78
PID 2460 wrote to memory of 5032	2460	source_prepared.exe	80
PID 2460 wrote to memory of 5032	2460	source_prepared.exe	80
PID 2460 wrote to memory of 3300	2460	source_prepared.exe	82
PID 2460 wrote to memory of 3300	2460	source_prepared.exe	82
PID 3300 wrote to memory of 1940	3300	cmd.exe	84
PID 3300 wrote to memory of 1940	3300	cmd.exe	84
PID 3300 wrote to memory of 1424	3300	cmd.exe	85
PID 3300 wrote to memory of 1424	3300	cmd.exe	85
PID 3300 wrote to memory of 3652	3300	cmd.exe	86
PID 3300 wrote to memory of 3652	3300	cmd.exe	86
PID 1424 wrote to memory of 1888	1424	AlexProject.exe	88
PID 1424 wrote to memory of 1888	1424	AlexProject.exe	88
PID 1888 wrote to memory of 1656	1888	AlexProject.exe	89
PID 1888 wrote to memory of 1656	1888	AlexProject.exe	89
PID 1888 wrote to memory of 4100	1888	AlexProject.exe	91
PID 1888 wrote to memory of 4100	1888	AlexProject.exe	91
PID 1888 wrote to memory of 4872	1888	AlexProject.exe	93
PID 1888 wrote to memory of 4872	1888	AlexProject.exe	93

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1940	attrib.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3144
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\AlexProjectFolder\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AlexProjectFolder\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3300
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:1940
  - - C:\Users\Admin\AlexProjectFolder\AlexProject.exe
      "AlexProject.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1424
    - - C:\Users\Admin\AlexProjectFolder\AlexProject.exe
        
        "AlexProject.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:1656
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\AlexProjectFolder\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4100
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID
        6⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4872
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "source_prepared.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3896

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AlexProjectFolder\AlexProject.exe

Filesize
43.6MB

MD5
028ee153ee95f488838dedf67617f82b

SHA1
a98ac5480c8020c28600dc53468c57ceb3b384a2

SHA256
aec50782c53887f5ba0eb2cef1708e0ab4a2521dd07cc89f751d167de3071ccf

SHA512
546242939ec77c82e25306e2e3f8055216b23eb0a735dff53ff707f3c2c30b33a6bba7fa38e45eca9957cf8819c12921e4fc3e58564d8af9f9facb36fc116926

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\adec7fed-bada-45af-b475-68570a7d0aae.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI14242\cryptography-44.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\Crypto\Cipher\_raw_cbc.pyd

Filesize
12KB

MD5
40390f2113dc2a9d6cfae7127f6ba329

SHA1
9c886c33a20b3f76b37aa9b10a6954f3c8981772

SHA256
6ba9c910f755885e4d356c798a4dd32d2803ea4cfabb3d56165b3017d0491ae2

SHA512
617b963816838d649c212c5021d7d0c58839a85d4d33bbaf72c0ec6ecd98b609080e9e57af06fa558ff302660619be57cc974282826ab9f21ae0d80fbaa831a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\Crypto\Cipher\_raw_cfb.pyd

Filesize
12KB

MD5
899895c0ed6830c4c9a3328cc7df95b6

SHA1
c02f14ebda8b631195068266ba20e03210abeabc

SHA256
18d568c7be3e04f4e6026d12b09b1fa3fae50ff29ac3deaf861f3c181653e691

SHA512
0b4c50e40af92bc9589668e13df417244274f46f5a66e1fc7d1d59bc281969ba319305becea119385f01cc4603439e4b37afa2cf90645425210848a02839e3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\Crypto\Cipher\_raw_ctr.pyd

Filesize
14KB

MD5
c4c525b081f8a0927091178f5f2ee103

SHA1
a1f17b5ea430ade174d02ecc0b3cb79dbf619900

SHA256
4d86a90b2e20cde099d6122c49a72bae081f60eb2eea0f76e740be6c41da6749

SHA512
7c06e3e6261427bc6e654b2b53518c7eaa5f860a47ae8e80dc3f8f0fed91e122cb2d4632188dc44123fb759749b5425f426cd1153a8f84485ef0491002b26555

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\Crypto\Cipher\_raw_ecb.pyd

Filesize
10KB

MD5
80bb1e0e06acaf03a0b1d4ef30d14be7

SHA1
b20cac0d2f3cd803d98a2e8a25fbf65884b0b619

SHA256
5d1c2c60c4e571b88f27d4ae7d22494bed57d5ec91939e5716afa3ea7f6871f6

SHA512
2a13ab6715b818ad62267ab51e55cd54714aebf21ec9ea61c2aefd56017dc84a6b360d024f8682a2e105582b9c5fe892ecebd2bef8a492279b19ffd84bc83fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\Crypto\Cipher\_raw_ofb.pyd

Filesize
11KB

MD5
19e0abf76b274c12ff624a16713f4999

SHA1
a4b370f556b925f7126bf87f70263d1705c3a0db

SHA256
d9fda05ae16c5387ab46dc728c6edce6a3d0a9e1abdd7acb8b32fc2a17be6f13

SHA512
d03033ea5cf37641fbd802ebeb5019caef33c9a78e01519fea88f87e773dca92c80b74ba80429b530694dad0bfa3f043a7104234c7c961e18d48019d90277c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\Crypto\Util\_strxor.pyd

Filesize
10KB

MD5
f24f9356a6bdd29b9ef67509a8bc3a96

SHA1
a26946e938304b4e993872c6721eb8cc1dcbe43b

SHA256
034bb8efe3068763d32c404c178bd88099192c707a36f5351f7fdb63249c7f81

SHA512
c4d3f92d7558be1a714388c72f5992165dd7a9e1b4fa83b882536030542d93fdad9148c981f76fff7868192b301ac9256edb8c3d5ce5a1a2acac183f96c1028b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_asyncio.pyd

Filesize
63KB

MD5
07a6e6dcc30e1c4c7e0cdc41a457a887

SHA1
53bc820b63d88cbe889944e242b50662b4b2cb42

SHA256
746bc8fa88282afe19dc60e426cc0a75bea3bd137cca06a0b57a30bd31459403

SHA512
837f1e40db9bdf1bc73b2a700df6086a3acdb7d52afc903239410b2d226ffd1dd5e8b5f317401bcf58dd042bd56787af6cdc49af96fcb588bcf0127d536b6c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_bz2.pyd

Filesize
82KB

MD5
aa1083bde6d21cabfc630a18f51b1926

SHA1
e40e61dba19301817a48fd66ceeaade79a934389

SHA256
00b8ca9a338d2b47285c9e56d6d893db2a999b47216756f18439997fb80a56e3

SHA512
2df0d07065170fee50e0cd6208b0cc7baa3a295813f4ad02bec5315aa2a14b7345da4cdf7cac893da2c7fc21b201062271f655a85ceb51940f0acb99bb6a1d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_cffi_backend.cp311-win_amd64.pyd

Filesize
174KB

MD5
739d352bd982ed3957d376a9237c9248

SHA1
961cf42f0c1bb9d29d2f1985f68250de9d83894d

SHA256
9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980

SHA512
585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_ctypes.pyd

Filesize
121KB

MD5
565d011ce1cee4d48e722c7421300090

SHA1
9dc300e04e5e0075de4c0205be2e8aae2064ae19

SHA256
c148292328f0aab7863af82f54f613961e7cb95b7215f7a81cafaf45bd4c42b7

SHA512
5af370884b5f82903fd93b566791a22e5b0cded7f743e6524880ea0c41ee73037b71df0be9f07d3224c733b076bec3be756e7e77f9e7ed5c2dd9505f35b0e4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_decimal.pyd

Filesize
249KB

MD5
c88282908ba54510eda3887c488198eb

SHA1
94ed1b44f99642b689f5f3824d2e490252936899

SHA256
980a63f2b39cf16910f44384398e25f24482346a482addb00de42555b17d4278

SHA512
312b081a90a275465787a539e48412d07f1a4c32bab0f3aa024e6e3fe534ac9c07595238d51dc4d6f13c8d03c2441f788dff9fe3d7ca2aad3940609501d273bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_elementtree.pyd

Filesize
125KB

MD5
e31fd445c65aec18c32a99828732264a

SHA1
1e7e9505954b8143faeee6ce0b459712f73018b1

SHA256
02e30b6a2bee5be5336e40a9c89575603051bde86f9c9cdc78b7fa7d9b7bd1f0

SHA512
20802cae1b75f28a83e76b529caf16c8d00bc050e66f6d8665c4238c4579e391c78f121dccb369f64511fdf892619720f8c626a39a28c9aa44f2bff7472cf0f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_hashlib.pyd

Filesize
63KB

MD5
b4ff25b1aca23d48897fc616e102e9b6

SHA1
8295ee478191eb5f741a5f6a3f4ab4576ceec8d2

SHA256
87dd0c858620287454fd6d31d52b6a48eddbb2a08e09e8b2d9fdb0b92200d766

SHA512
a7adcf652bc88f8878dae2742a37af75599936d80223e62fe74755d6bafaafd985678595872fb696c715f69a1f963f12e3d52cd3d7e7a83747983b2ee244e8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_lzma.pyd

Filesize
155KB

MD5
b86b9f292af12006187ebe6c606a377d

SHA1
604224e12514c21ab6db4c285365b0996c7f2139

SHA256
f5e01b516c2c23035f7703e23569dec26c5616c05a929b2580ae474a5c6722c5

SHA512
d4e97f554d57048b488bf6515c35fddadeb9d101133ee27a449381ebe75ac3556930b05e218473eba5254f3c441436e12f3d0166fb1b1e3cd7b0946d5efab312

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_multiprocessing.pyd

Filesize
33KB

MD5
cf0b31f01a95e9f181d87197786b96ca

SHA1
6214361452f7eaef5c710719a5cfb6109906975c

SHA256
975c1947798e3c39898c86675ca1eb68249f77361f41f172f9800275227213b9

SHA512
d56b096780bb263e3f7282f163da02353ed5d8767f964937deaff997156e95749312180f25582d5963d3c351260b8ff196221652e7bf088a8c6a4e766118abd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_overlapped.pyd

Filesize
50KB

MD5
78e8049e26df6fd3a4011562ff8e74a0

SHA1
d5a91c720e4672c40e1dd6d54b3197b4a1f8b633

SHA256
ca106e4dfdeafeabf9e98956d3d8d0cb73e109f1a96f1a7e35bc47dbd7c7e164

SHA512
ea7a54d38cefed870cee65dd9460b6c51131ae5219933ddc998a86d12bb093784242cb5471c77bc324ccf59fa42c2914865dcf582f74c440fa52b7d15d9faeac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_queue.pyd

Filesize
31KB

MD5
7f52ef40b083f34fd5e723e97b13382f

SHA1
626d47df812738f28bc87c7667344b92847fdf6a

SHA256
3f8e7e6aa13b417acc78b63434fb1144e6319a010a9fc376c54d6e69b638fe4c

SHA512
48f7723a8c039abd6ccb2906fbd310f0cfa170dcbdf89a6437dd02c8f77f20e6c7c402d29b922cdaabd357d3a33e34c3ad826127134f38d77a4d6d9c83371949

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_socket.pyd

Filesize
77KB

MD5
b77017baa2004833ef3847a3a3141280

SHA1
39666f74bd076015b376fc81250dff89dff4b0a6

SHA256
a19e3c7c03ef1b5625790b1c9c42594909311ab6df540fbf43c6aa93300ab166

SHA512
6b24d0e038c433b995bd05de7c8fe7dd7b0a11152937c189b8854c95780b0220a9435de0db7ac796a7de11a59c61d56b1aef9a8dbaba62d02325122ceb8b003d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_sqlite3.pyd

Filesize
117KB

MD5
68d89aaab48b82a7d76fb65e9c613a24

SHA1
b872497ebe4aba49025c9f836f4b2a3f1f033e5e

SHA256
ff6a2a2f38b21b7784f97d604c99961d8c07ef455f7908110a4e893835d42b76

SHA512
5eec9169ab29c291010f0e171c3123552d8c68e943a615dc2f8e1ae75f809a54343572737279d9582b585997ed390af856f551dadeada85ae2f1aa908fc9b39c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_ssl.pyd

Filesize
174KB

MD5
0f02eccd7933b7a7c2bdedca2a72aab6

SHA1
0b4c551d8fe34d8128e5cf97daa19eb4c97db06e

SHA256
ba5388d6a6557d431e086734a3323621dc447f63ba299b0a815e5837cf869678

SHA512
90a64082dab51380e05c76047ee40e259c719d7170fb4acb247b68a03b710461b350da3821b426fd13167895ded32f9c5ec0e07587ad4125683a18a3495f5ed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_tkinter.pyd

Filesize
62KB

MD5
730c89fc98ade903787589a935aeb36d

SHA1
e9c7337ad9251f0b12d136c725ad1049bd261f42

SHA256
6f7bdc2f60a1795b58ec7015ec262d6b234aa8d0f022185de0f52bac4adab449

SHA512
d3fffc5a7f435f7e0bf40c3b7259a25c2ecb838d752a1bb76ab88fc2ec039b8469e494a023d8f53363b23cbbf4967531cb92f493276f7a91fd8a18102f7505e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\_uuid.pyd

Filesize
24KB

MD5
cc2fc10d528ec8eac403f3955a214d5b

SHA1
3eefd8e449532c13ae160aa631fdb0ad8f6f2ea4

SHA256
e6aa7f1637e211251c9d6f467203b2b6d85e5bc2d901699f2a55af637fa89250

SHA512
bf18089bd0b3a880930827d2035302060ea9db529ad1020879e5be6de42693bd0a01b40270b4e93ceaea3cfed20dad1e2942d983cde8bb2c99159b32209b34bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\base_library.zip

Filesize
1.4MB

MD5
add95481a8e9d5743eee394036ca4914

SHA1
eab5d38e7fa33ae86452e6609ed8afed21516969

SHA256
396171544049d4554472e78cb41f873f7d8951d7450685f364d4487d09b98ad8

SHA512
161b64229f676d1894954bef08fbc0cacc9a5aff5cbf607918f919aa7065e9b5edbaed7057d0113eec24c688b60e7dcd0aa8610105ab350c6c5c30e0f5e6db1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\certifi\cacert.pem

Filesize
287KB

MD5
52a8319281308de49ccef4850a7245bc

SHA1
43d20d833b084454311ca9b00dd7595c527ce3bb

SHA256
807897254f383a27f45e44f49656f378abab2141ede43a4ad3c2420a597dd23f

SHA512
2764222c0cd8c862906ac0e3e51f201e748822fe9ce9b1008f3367fdd7f0db7cc12bf86e319511157af087dd2093c42e2d84232fae023d35ee1e425e7c43382d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
e3d495cf14d857349554a3606a8e7210

SHA1
db0843b89a84fb37efd3c76168bcb303174aac29

SHA256
e21f4c40c29be0b115463e7bb8a365946a4afc152b9fff602abd41c6e0ce68a2

SHA512
8f69a16042e88bc51d30ad4c78d8240e2619104324e79e5f382975486bfb39b4e0a3c35976d08399300d7823d6a358104658374daf36a513ce0774f3611d4d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
118KB

MD5
bd18f35f8a56415ec604d97bd3dd44c4

SHA1
63f51eb5dafeb24327e3bcb63828336c920b4fcd

SHA256
f3501ebce24205f3dc54192cd917eab9a899fe936570650253d4c1466383eff1

SHA512
3c1c268005f494413cd2f9409b64ed3a2c9af558c0f317447af2c27776406c61dcb28ae6720af156145078ec565a14a3e12d409e57389bb3d4d10f8d7a92a7d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\libopus-0.x64.dll

Filesize
431KB

MD5
0e078e75ab375a38f99245b3fefa384a

SHA1
b4c2fda3d4d72c3e3294beb8aa164887637ca22a

SHA256
c84da836e8d92421ac305842cfe5a724898ed09d340d46b129e210bdc9448131

SHA512
fa838dab0a8a07ee7c370dd617073a5f795838c3518a6f79ee17d5ebc48b78cebd680e9c8cbe54f912ceb0ae6112147fb40182bcfdcc194b73aa6bab21427bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\pyexpat.pyd

Filesize
194KB

MD5
79561bc9f70383f8ae073802a321adfb

SHA1
5f378f47888e5092598c20c56827419d9f480fa7

SHA256
c7c7564f7f874fb660a46384980a2cf28bc3e245ca83628a197ccf861eab5560

SHA512
476c839f544b730c5b133e2ae08112144cac07b6dfb8332535058f5cbf54ce7ed4a72efb38e6d56007ae755694b05e81e247d0a10210c993376484a057f2217c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\python3.dll

Filesize
65KB

MD5
7e07c63636a01df77cd31cfca9a5c745

SHA1
593765bc1729fdca66dd45bbb6ea9fcd882f42a6

SHA256
db84bc052cfb121fe4db36242ba5f1d2c031b600ef5d8d752cf25b7c02b6bac6

SHA512
8c538625be972481c495c7271398993cfe188e2f0a71d38fb51eb18b62467205fe3944def156d0ff09a145670af375d2fc974c6b18313fa275ce6b420decc729

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\python311.dll

Filesize
5.5MB

MD5
387bb2c1e40bde1517f06b46313766be

SHA1
601f83ef61c7699652dec17edd5a45d6c20786c4

SHA256
0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

SHA512
521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\select.pyd

Filesize
29KB

MD5
e4ab524f78a4cf31099b43b35d2faec3

SHA1
a9702669ef49b3a043ca5550383826d075167291

SHA256
bae0974390945520eb99ab32486c6a964691f8f4a028ac408d98fa8fb0db7d90

SHA512
5fccfb3523c87ad5ab2cde4b9c104649c613388bc35b6561517ae573d3324f9191dd53c0f118b9808ba2907440cbc92aecfc77d0512ef81534e970118294cdee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\sqlite3.dll

Filesize
1.5MB

MD5
89c2845bd090082406649f337c0cca62

SHA1
956736454f9c9e1e3d629c87d2c330f0a4443ae9

SHA256
314bba62f4a1628b986afc94c09dc29cdaf08210eae469440fbf46bcdb86d3fd

SHA512
1c467a7a3d325f0febb0c6a7f8f7ce49e4f9e3c4514e613352ef7705a338be5e448c351a47da2fb80bf5fc3d37dbd69e31c935e7ff58ead06b2155a893728a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\tcl86t.dll

Filesize
1.8MB

MD5
50be441afc42714cb7fe98677f304807

SHA1
0604a2992f698e45d1524c44a924b7451d8ad003

SHA256
4e699ff2d6d147d0586c8c77be5a18f20ca0758f432d7b0f489223f2fa4dd221

SHA512
a99c7b5c9d42c53cf51ace16871bb2f1dfc9424077b0a758ec1b8583eb1be3cdd413d005188fa82dd61093b56882cd72b32f15b55599c5f0fcbce34321afb639

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\tk86t.dll

Filesize
1.5MB

MD5
50be514d4234103d49fb2a600a272fce

SHA1
e441b77a421598998d24814afd4af8090d306e57

SHA256
b6af038120f2b8644c7ce1e11917f410009848287622135d7e386f90d28a831c

SHA512
d93467b688f68f15eb46dc1aef4bd4f4d0b91193a2c40a1d4b5cc6e906a443343e261225df530527491a01c58803b91a138d5147d7a02aedeb9cddd3adc77fef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31722\unicodedata.pyd

Filesize
1.1MB

MD5
fd9132f966ee6d214e0076bf0492fb30

SHA1
89b95957f002bf382435d015e26962a42032cb97

SHA256
37c68617fa02a2cadced17ef724e2d450ef12a8a37215da789a4679fde1c5c02

SHA512
e35729abc45e5561aae1fb9e0e7c711dd7d3c1491520aa5c44fcc50c955f549f81d90897959327e930d02a5356afe08d6195adf002c87801a7a11235670639b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qn5llo5u.dkd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/4872-3329-0x000002C8EC8B0000-0x000002C8EC8D4000-memory.dmp

Filesize
144KB

Download
memory/4872-3328-0x000002C8EC8B0000-0x000002C8EC8DA000-memory.dmp

Filesize
168KB

Download
memory/5032-1179-0x00007FFF913A0000-0x00007FFF91E62000-memory.dmp

Filesize
10.8MB

Download
memory/5032-1180-0x00007FFF913A0000-0x00007FFF91E62000-memory.dmp

Filesize
10.8MB

Download
memory/5032-1183-0x00007FFF913A0000-0x00007FFF91E62000-memory.dmp

Filesize
10.8MB

Download
memory/5032-1184-0x00007FFF913A0000-0x00007FFF91E62000-memory.dmp

Filesize
10.8MB

Download
memory/5032-1177-0x00000178F9190000-0x00000178F91B2000-memory.dmp

Filesize
136KB

Download
memory/5032-1178-0x00007FFF913A0000-0x00007FFF91E62000-memory.dmp

Filesize
10.8MB

Download
memory/5032-1168-0x00007FFF913A3000-0x00007FFF913A5000-memory.dmp

Filesize
8KB

Download