6016fa4c76d7e325d76aa90b06341aa7a5a0f722832196974bdd622461ff5793

Analysis

max time kernel
1482s
max time network
1508s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 02:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

py-clash-bot-v2.0.6rc2-win64.msi
Size

95.0MB
MD5

b7401fa300aead3e7bed92309f4b4dd1
SHA1

731b908be3804ea55c841ec88d669556b2320e0a
SHA256

6016fa4c76d7e325d76aa90b06341aa7a5a0f722832196974bdd622461ff5793
SHA512

f2d28d70a085c533cfa6f3c5d9aba5dc846eadd3832b698b1216449cb9f26bce399f5df455d8774cbf8ef322598989df0dd3531abfe3bc2c4f318d9ebb0a03db
SSDEEP

1572864:spzklSVVWHncYUH1lOSpBMKXM6QTrR4+ZuJMhoUvRt6M1pj+g3t07YrBVrBI1cMx:tqcHctH1lpp3Qh4+wJMH1pi7YrnlvKtJ

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{0B75F529-9C6C-4C75-A840-59831CE0182B}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9693.tmp	msiexec.exe
File created	C:\Windows\Installer\e579339.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE58B692BD215993A.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\e579337.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF3DDCB7240BCA140C.TMP	msiexec.exe
File created	C:\Windows\Installer\e579337.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DFF0D4C7BCFF92503E.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF717BCEF247F8432C.TMP	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
2016	py-clash-bot.exe

Loads dropped DLL 34 IoCs

pid	Process
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe
2016	py-clash-bot.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000cfb66584abbe87e90000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000cfb665840000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900cfb66584000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dcfb66584000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000cfb6658400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2292	msiexec.exe
2292	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5104	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5104	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5104	msiexec.exe
Token: SeSecurityPrivilege	2292	msiexec.exe
Token: SeCreateTokenPrivilege	5104	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5104	msiexec.exe
Token: SeLockMemoryPrivilege	5104	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5104	msiexec.exe
Token: SeMachineAccountPrivilege	5104	msiexec.exe
Token: SeTcbPrivilege	5104	msiexec.exe
Token: SeSecurityPrivilege	5104	msiexec.exe
Token: SeTakeOwnershipPrivilege	5104	msiexec.exe
Token: SeLoadDriverPrivilege	5104	msiexec.exe
Token: SeSystemProfilePrivilege	5104	msiexec.exe
Token: SeSystemtimePrivilege	5104	msiexec.exe
Token: SeProfSingleProcessPrivilege	5104	msiexec.exe
Token: SeIncBasePriorityPrivilege	5104	msiexec.exe
Token: SeCreatePagefilePrivilege	5104	msiexec.exe
Token: SeCreatePermanentPrivilege	5104	msiexec.exe
Token: SeBackupPrivilege	5104	msiexec.exe
Token: SeRestorePrivilege	5104	msiexec.exe
Token: SeShutdownPrivilege	5104	msiexec.exe
Token: SeDebugPrivilege	5104	msiexec.exe
Token: SeAuditPrivilege	5104	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5104	msiexec.exe
Token: SeChangeNotifyPrivilege	5104	msiexec.exe
Token: SeRemoteShutdownPrivilege	5104	msiexec.exe
Token: SeUndockPrivilege	5104	msiexec.exe
Token: SeSyncAgentPrivilege	5104	msiexec.exe
Token: SeEnableDelegationPrivilege	5104	msiexec.exe
Token: SeManageVolumePrivilege	5104	msiexec.exe
Token: SeImpersonatePrivilege	5104	msiexec.exe
Token: SeCreateGlobalPrivilege	5104	msiexec.exe
Token: SeBackupPrivilege	4484	vssvc.exe
Token: SeRestorePrivilege	4484	vssvc.exe
Token: SeAuditPrivilege	4484	vssvc.exe
Token: SeBackupPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe
Token: SeTakeOwnershipPrivilege	2292	msiexec.exe
Token: SeRestorePrivilege	2292	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5104	msiexec.exe
5104	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2016	py-clash-bot.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 3188	2292	msiexec.exe	85
PID 2292 wrote to memory of 3188	2292	msiexec.exe	85
PID 2016 wrote to memory of 2032	2016	py-clash-bot.exe	89
PID 2016 wrote to memory of 2032	2016	py-clash-bot.exe	89

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\py-clash-bot-v2.0.6rc2-win64.msi
1⤵
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5104

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3188

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4484

C:\Users\Admin\AppData\Local\Programs\py-clash-bot\py-clash-bot.exe
"C:\Users\Admin\AppData\Local\Programs\py-clash-bot\py-clash-bot.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e579338.rbs

Filesize
388KB

MD5
27fbfcc5264fa2c69b7d0f02b56b3e82

SHA1
cdee7e4e090b14815535da8648329257b811f415

SHA256
204fa2f98b1cf679c9cd4957a928998f61107be583cdcd4494d12bbcb799755e

SHA512
76b661b501cf2dbba9620bcb057e3016c398b267eb4800372079bbe3caed687a95d52da5cbf2c73e6bcf721c0a87e37af32e7521caf31296d850cd4a26bf18ea

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\PySimpleGUI\PySimpleGUI.pyc

Filesize
1.6MB

MD5
0b70cd8b5045f6300c872b9ac9e5796d

SHA1
b16ff3d4e8847d74bbe26b1d7b6960d5c5b5ac13

SHA256
e9875dbab83688601f900f0896bf53e3ddd36bd6203f2ee967b37487393f2943

SHA512
5b52c646088ff64010cc86a17b9126c32650e08371584650b965dc857ca5af3c18526d9cb462fea00ef5f546a9c33e478bf1b078f1e7ea3001dd14a53f7612b8

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\PySimpleGUI\__init__.pyc

Filesize
345B

MD5
12b2b7b7104c5941ad5e437aa79dc747

SHA1
206dbd386ec41554e55cd281ee1584d8197c909b

SHA256
143ad0d8fa3d666498bb7efbfd7e4a7cd57edcc503e24236d3a48ad6ccfeb6cf

SHA512
7ac5a331fc1d0ee9bab54762a89a30f9565f69efa937786f4b79a51c0f0f36acd382f8c8631e25ff2b8ec52ba6ddacb180e288b44d7f6391ad3c15729cc64964

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\_bz2.pyd

Filesize
82KB

MD5
afaa11704fda2ed686389080b6ffcb11

SHA1
9a9c83546c2e3b3ccf823e944d5fd07d22318a1b

SHA256
ab34b804da5b8e814b2178754d095a4e8aead77eefd3668da188769392cdb5f4

SHA512
de23bb50f1d416cf4716a5d25fe12f4b66e6226bb39e964d0de0fef1724d35b48c681809589c731d3061a97c62b4dc7b9b7dfe2978f196f2d82ccce286be8a2a

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\_hashlib.pyd

Filesize
63KB

MD5
534902be1d8a57974efd025aff4f11ef

SHA1
1179c6153dc52f72c29fe1591dc9a889c2e229e9

SHA256
30adfb86513282e59d7e27968e1ff6686e43b8559994a50c17be66d0789f82b3

SHA512
7f0cdcf8576faf30fc8104b9bc9586d85ad50b7803074a7bcaa192eed05b1e2bd988a91873554fb63f204fcad86c667e95755c5ff13c43f96dc334ef3ea37240

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\_lzma.pyd

Filesize
155KB

MD5
2ae2464bfcc442083424bc05ed9be7d2

SHA1
f64b100b59713e51d90d2e016b1fe573b6507b5d

SHA256
64ba475a28781dca81180a1b8722a81893704f8d8fac0b022c846fdcf95b15b9

SHA512
6c3acd3dcae733452ad68477417693af64a7d79558e8ec9f0581289903c2412e2f29195b90e396bfdcd765337a6dea9632e4b8d936ac39b1351cd593cb12ce27

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\_queue.pyd

Filesize
31KB

MD5
dbd3c2c0a348a44a96d76100690c606d

SHA1
04e901eac1161255adb16155459ac50f124b30a6

SHA256
2bfd8459ba01c741d676f79ee96802fb2c29cb30f50301d67fde8bbce8e7e7d4

SHA512
99fee97c272bfff4515407d588b2761af7be39a83be070e01128fba71ff75404fbad6352bcdbe5465786ce86a6550f47b177d022ccb53f32f5a482db61bee3b4

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\_tkinter.pyd

Filesize
62KB

MD5
e3bfc9a6cbbede7cf69d4c14104ba270

SHA1
78ee71c37e55479ed98150b0e1a8868562de6582

SHA256
652645a21f6cdb07358b29b4535f8e978f445856aed995fbb9f741c871c62162

SHA512
d97594ca1b837feae94d3e7d046ba43d834b0a1703ceeb4c01baa3c150ae31a879607e2c4bb0dae11e0a1bb47060c96b283cc97c1ca1da103ed2265d7aacd7a8

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\_uuid.pyd

Filesize
24KB

MD5
4ba1fcf5f12ebc514e86d7e02901b3c3

SHA1
0fd88df618da41cdeb4afdaded039932a66ce5f6

SHA256
51cb69267f77c094d687af5b80c560eaf325d0990304baf20242d477d8b156a1

SHA512
3601331a84a9dcf62bbdadfc5c273853acf229931e70f5ff6f541d5f23474373f9366c606534ffdbf73c1044e98e464877b395f2e285821f264a57cd90021705

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\collections\__init__.pyc

Filesize
76KB

MD5
86fbcaa588aaf19bd549b86b05df26b2

SHA1
e84c5d31dd295bd4f680f4d8c3e865a4aebab121

SHA256
b3e037d0c4b849a50bd963774094107fcc04ab5d03e545d618afceafd63397d8

SHA512
ecaac180be311e02ed4f8cba26c510a235ddb275a8e09c2f9c6550c2993cf304d5778d3378969ebd7f7f29cb81ebee276d646fbb2a7131f01b245226b9148e63

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\collections\abc.pyc

Filesize
323B

MD5
a4cefdcbc970d89150f76cbfa9c41ae6

SHA1
6e3793fb96bd5ae4f523359cb1da3b22108659ca

SHA256
85bf4de8823177472eee5747ff77a6edfbe5949275b8e793a5a054c9bb3d2914

SHA512
63b71a46b3bae2858f6fcf1d1a9b49db8fe638ae81157c844cea125c2329715adbfb0c1ebab82108d2b0f962a9422f081c584d1ea4875c14c3e87291170df447

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\email\__init__.pyc

Filesize
2KB

MD5
803970293bf6e68660e547719ef5f7d9

SHA1
838f7b0d17dd20402fd484ae69ab4039e2bf7534

SHA256
13737db7dcb21dc6336699646b73df802d37c273a3b038810320414987638751

SHA512
53dddf78307e49581bf958dbd66d33e4795c924c94a2a9571cdacd4304760f71808b63b0e570bb8e1da0320ea6aecf1a99b5cc3d3687716cfe22915cbe761d4f

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\encodings\__init__.pyc

Filesize
6KB

MD5
67ccfb39d81acf1202ebf28a98225bef

SHA1
15a342a881132f3ce6e1b687359fd04bf7b97cd1

SHA256
cccda1e98b4a67084a0a58ce4230ff37f0c285c46da09e2ac62262a69ef11afe

SHA512
780b91a65e6f537b01c4541c8bf67fc0dc19975e3362669bcbe003328a38397c3db02664317a243c8a90ee5c5d8afc5eccedbe0cf17e5d1b0f93a14e41136d2a

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\encodings\aliases.pyc

Filesize
12KB

MD5
d47d3c293a5cc551057f7d6c10582044

SHA1
3b473f6358c783a92e30f16ff84c637a222c57b7

SHA256
2b499b691cb21bc101170e33e6c4ddd99ade7be4c652c8e998051cae2fe7b3d7

SHA512
4434f80b00b42d3bdd47281f7587dfde5e79a24e1166977115eaf4b77cc3d673500eacbda32361e600e45f0e3f46d0cb3769b14b1c9da780732d22ccdefb8be6

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\encodings\cp1252.pyc

Filesize
3KB

MD5
8312ce220eb794401cc7fe21b513ad68

SHA1
6b1bd6fc3991a6cd79eed19b771fd3fc1b53c60b

SHA256
561916c512307d4a5ddbce81360e0a13fbbbe179a9ee05995564490553534daf

SHA512
c957b3d738f8b11c675f54c431002ede97c5563737082dc762deddc619e4bd1e9e7a6429cb21e2fbdfb4d2b38f5e9e151241da976ea0018a22b5eca37647395c

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\encodings\utf_8.pyc

Filesize
2KB

MD5
d083f99e0493ab2979b9cdc537f45e2c

SHA1
5e6557533754054aed75dd140661e971c0ffc2c5

SHA256
0b7e7c9db95923889f6a2e0bf149f09fbb3462b4e13f8ecdbf22b02a42323948

SHA512
b49cf8232ab14633a00c1b386dbd82e02465437ee963d9cd36bd1724142c9fe86bd31967e3f3f89266be0c98e944874f5b57e6709973d0d242b64934f0d2be76

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\http\__init__.pyc

Filesize
8KB

MD5
669724b290c9b95a91834a9eff6566ee

SHA1
0110f22c202a404fe60599cd7330aea86daa8cf6

SHA256
2242ee216576b44f3242747ef5c6a84b35d9b7922eb82805333dbb8302572a2f

SHA512
22e3fd5e0ef8a8d6054952c2423f77527a3c461f7abc252bf092bbcbe0bd91f5a19bc69d93e0fa98f844819e2905dacd8a436d3f5778cf4f2688cd116bb8585a

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\importlib\__init__.pyc

Filesize
6KB

MD5
d82d85175f9d3d3de24e4424afd3333c

SHA1
206eca8ee059f5993a788901a61e06090cafdaab

SHA256
2ba3eccee1caf4df42b9d890218eb24fff8ca57109dadebcbc99eaef71a04845

SHA512
70a3a3c423e947f5e8eb412554b6fac4db1afd5fe03178864274857bd02ab65430ea11792e7c07a3096174eda2723b733f1369452c6d8ffae6786a28a3bd6ab1

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\json\__init__.pyc

Filesize
13KB

MD5
f824a7985cc80a86981489af33a7d592

SHA1
2b43d58c7b3becf7e57fd6200f85e3b46dd31a24

SHA256
a83ba7e137e5665dee9d6b4c191fb62dfb5e4501313ec4f52dac201db5ea5128

SHA512
912148ee324373050225ae39af6b8ab0ca80c0ac2543f22d2534cd834113b1594c86da9cb7584058e9442752e90f0a6db50f0000c324c1db540947e5917cafd3

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\json\decoder.pyc

Filesize
14KB

MD5
c6e6571238cb064491521e309cd08019

SHA1
d54f4bbe47ab12563a575dcfbfd8840390e0f723

SHA256
45b3e3aa991016283ce06aa37be3a28d7d988b78c1fa9403db24c1e97feb06f5

SHA512
b3b0c13e48db16ff0c8537579eb2cbfff03bb807bd4b7fa03ad2d3e284d9f530df4e0d8950017324236c852e9b7fbf2aeeba19f0ccfb59e36cb7eb5221e60d72

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\json\encoder.pyc

Filesize
16KB

MD5
32935abce8acaddaf6143d937e75fe6b

SHA1
844fca840a6d0e37a6be9981ea71f41e5ec6b34b

SHA256
42793c4421086f4a0cbe451391a21c404ea75a0b442ed7b1be9585b9b4b4ee8d

SHA512
91b9e853da69bb3811886f9186703c819f239c011740e3c15ea213f2481c11b1f3c43fb0d81922e69e17d88e4a9f7b10dd4e19b9d962e90335c0ad742e4256a6

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\json\scanner.pyc

Filesize
3KB

MD5
fd6266900e423bca44976eb72a61866a

SHA1
f3474ae7597319c0d46cb55598fbedc1e2ff343b

SHA256
be5937ee4534c5426dd4a196d6ad0992d6f08fa3c57ed911523515acc812b4a1

SHA512
b6844926f17aa521ae2554e32d9c98e860d6f7dc856809cfa851eedeb2b39f574d8f083d1024f137a6d23061d9abaa18822ab530018df332871cc0985c087305

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\libcrypto-3.dll

Filesize
4.9MB

MD5
51e8a5281c2092e45d8c97fbdbf39560

SHA1
c499c810ed83aaadce3b267807e593ec6b121211

SHA256
2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a

SHA512
98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\library.zip

Filesize
1.9MB

MD5
154cdcdc0b6c633c8081711c871fc9bf

SHA1
df74a4eefa6eadadd70966f5167d6d1f4cb4cc18

SHA256
d5f0f4635cbeb40862d23995a863a75e683c1f68414fde35095133c133dbc92f

SHA512
8f6c574981c9b5a0dc4da9ac40d5a9c04ad65c3b6e18e9222680e5b9864112cfd2c13240c2c520987caa22d55ba4ac91b9dec80931eabe77ce2f08020bcbb91f

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\re\__init__.pyc

Filesize
18KB

MD5
69824dae19f1bdbc3747a450ef8bd6cf

SHA1
47c8a77cc8fa3d2bfc1bc4a5a62d7b4258cff528

SHA256
6fca5a2918471c342a6a902b8ebaa09ad926914ead5d1bc5dc36f817cfc617ad

SHA512
4f6504019a458813ee5e43e0420c132115533f1e7c04cabaaf3ab8b582e4128c63c12869bba2524cced6e5e5fac3e84440765f34e47837a99e94eab514d1d6c6

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\re\_casefix.pyc

Filesize
1KB

MD5
6480b3f685c9c0a869312996196ce546

SHA1
1a7342c9940ff064eb8325ab46e1ec9845fe8185

SHA256
c146a061e920bcc9285811b8c859f3a50d64d98c94d1625dbb43acb7eb108018

SHA512
8bc95c32e7e8e0bd9bbf07f7eb5d2e0718de2cad0e444d9e778f8c4ed85dddee4afa3745479ca012a5eae2748327ae36e623834f6a10b89261c21eb1e0bc901b

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\re\_compiler.pyc

Filesize
31KB

MD5
c592d3a5d2c3dabaf4dd5cfd56127a19

SHA1
73bdb4d27bb7fb5485083e36144c5fe04c06350d

SHA256
9d2fbe15410580120e72a87a0bb5d0b210517cdbcf3a61df916c87f6e0486e3c

SHA512
f049f637c48d4312b62f08ee61a7d44f539807262738968ca57ffc6ad508ed3bc2557fb5fcb1a5fa09e745491a8181d85be4e40e95e5ea3e17579d880632455c

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\re\_constants.pyc

Filesize
5KB

MD5
c5b82878b5437810e73c06b6499ed261

SHA1
e6d83862459e5c18dc579aa3e848a6cc314afbc7

SHA256
c1423581b0c23e30cd55ecc1ceb499e032ece5349630ff426ff9c4f4364a1a26

SHA512
c7d12f20ce2e61587e3cec63e93bca96481de2a20a5a8153b072a67324964b86eaa8ddc127311f62cc45a14800c296aa7c8d691af33633294fc4307f11e7312d

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\re\_parser.pyc

Filesize
48KB

MD5
dc056b4c82c7ae2c092a3c6ff97f653c

SHA1
c9ad804cdad7f50c3169e463c14550257749dab8

SHA256
eafe34d74920410c33f63ba9a6d21e90f702af3256252f6c1787ae2cdaaa1940

SHA512
a88b89a480a1295dd9d4a914e2ca4d9fb67f68e14154b1d5e09c47f15bcea9d3648b8fa3369c67b12fc0185866508203c02d2da1bbe57332f6524c4698fae89a

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tcl8.6\encoding\cp1252.enc

Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tcl8.6\init.tcl

Filesize
25KB

MD5
982eae7a49263817d83f744ffcd00c0e

SHA1
81723dfea5576a0916abeff639debe04ce1d2c83

SHA256
331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f

SHA512
31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tcl86t.dll

Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tk86t.dll

Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\__init__.pyc

Filesize
251KB

MD5
58f4d480ea235ef0da4b338e72afbd7e

SHA1
3f16d6edb523d342f7993a0be5772516ac8a54eb

SHA256
f771769ff795d5e52388e78a796bc10d95c64014b62aee0f5f36870729e3d16e

SHA512
5f53d44bd0c5ef4d7fe3cff3a660ae37b13bfb82b34116558c0b28bf784c2c23c7e00b951256b2b70b77577296c807a1f1f97aad50e746010c9ec47fc898af78

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\colorchooser.pyc

Filesize
2KB

MD5
8fede98bd9d61641f0bd5af5f5b5e999

SHA1
a5f20351aee63d6c8ee5c3de0566685c374d2204

SHA256
78c2168f2a4a21114fcb7f9d208d5b78bd460524b04820ff9ea1de9833fba12b

SHA512
b8fc9cf3ea0a1934cec597b1c8b653def7ba9daf57d60ac319d003887b2b4fa6740975020b2eaa1c6aedf2d1b4f64ddf0301b162f46f374815ee9e03e59996ea

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\commondialog.pyc

Filesize
2KB

MD5
c1a30c9265f1c7bdedf1a4233e7a2018

SHA1
cbe756124f7a758a6764188a430c2cde27505a0f

SHA256
14bdaef17eabc24f0e491330736420631aaf5f9efc15afa2eee3ec59a091f189

SHA512
cd67a343ef78391b946908b778e935b7dd16bcef4da84cbdc7e495f1af068078e5d858f5eaf17b29636b4dae5593de8db5031bf0941b9712778f1245ce131d1a

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\constants.pyc

Filesize
1KB

MD5
935760869389b3dbbed09ab630f09d21

SHA1
2c5badb3b6b2dcf57dee6c50f25a5537b3870ca1

SHA256
f469b711cc1de03fff357d006aed34733b91453ef2b228a11162c031aeed32b4

SHA512
563585eb5e3e784964e010a0a2bd166772f4d5d7b4e3a214454e7dc69732243cf243ac043212afb5e4e0d5204d7c66c07eb632ea26623ebfcfea18ca3da07c39

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\dialog.pyc

Filesize
2KB

MD5
d93aefc1112a0019ccb12fe112761890

SHA1
8a161b53a3dd2e53f8bfa0b5696074a6e2fc3f4b

SHA256
a84db423fd1bb4527fd2dc69a11507654e7c6c594bfbf90ebbc6e051ad659ed2

SHA512
0a8468a0167a849cc7f2f8e9d9c4d08aa2bf3c44af80aa0c680e3ffe26cd4d7797aefbc819f747d2cf836d1f8901fa2cba5811ac741ed1f6af6835e8bf88e528

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\filedialog.pyc

Filesize
24KB

MD5
7a2f5843fbd2dac8fe497fc462777b41

SHA1
ec524738580859c7c4f28bb65e933af3bb9abe26

SHA256
dfb2ea859db053c2069c59b041f967660dcc16b08963d5f17561fe6e471a2e9f

SHA512
e0aada120688d21d63a2fa6847475025c5d29f6eb0e1123a8649e40b55892fdff4e009d35121013edad34f61ef6896ce63182f328c19549bd6bd03f70f3b6231

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\font.pyc

Filesize
11KB

MD5
00023fce1504c18285a8925dc3aef41e

SHA1
c9a3aa968fb443c41e78eb2aa3d2f88e1b2d3c4a

SHA256
84ce9a54b930eeafbd2edd575b161007a38350e9363afb549034e0901a51d599

SHA512
230a3f54d610fe1c023226ea49f0275b07641f282356bc2564604e3a7c70d9ff8bfb8da9596b04feb949ead5558e9d10508cf8d7743b4332363f8db4c9a21f48

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\messagebox.pyc

Filesize
4KB

MD5
c6448522313c91147706d5e6ee488b72

SHA1
903d73b776c6f172a599de5384ee18bf2e2dbc94

SHA256
081e377a0561534cde8a04325d22c0fe707ee86709f513909ce1e916d97ba162

SHA512
0226e8dd746f6a8b6f0f9cdde12b2b99bb605d4fc22735ac6dc05cd83fe8a74e55a06cb19882b09b942b83331768063ab57b7eb631b51fedfc8661d9aba2c385

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\simpledialog.pyc

Filesize
19KB

MD5
307ebd545e323b5f892056ce77f806c7

SHA1
e18b001423f1b39dec8d33e9ee7fe671b3134ae6

SHA256
6d91f5436123f92c3d992053a65cd2851bd2cfccbea5f80e93537e7614f8432b

SHA512
db3fb9825295a7e5821c0ad21f951fa4ecf65eb937941d611aa0b08abeef6f384c7f5325e9736bf2d99a41685360e0ae7626b5e38b3f4a5f67ff7f23820939fd

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\tkinter\ttk.pyc

Filesize
76KB

MD5
af74bb58ffe44674a4bf52f4c8ef6468

SHA1
5dc606e64039bd77b394cbb9273c13f4566312cb

SHA256
b565c623291b465d3fbc4f5e41a768e4ca0ab0d054a151418bfff20e31d382a5

SHA512
b7d67d01157f20fb8a4a6f7b86263e1a6cb4f457e3952439c6de9ec1ba86c9681aa0ef23cf695dbe794700f495cd71860c1a4a4c4d747b185cc1a84dc3a40b66

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\urllib\__init__.pyc

Filesize
176B

MD5
c9cac1d77fc6a66e9e1cb91a1ba72e4a

SHA1
b33ff03f81f382a667633dcb47465c90361a7472

SHA256
a03c4abf52e02116b11dd07bc3a613c4d3c4dfc5ebddd45a7867d8157bf662ba

SHA512
2a618d1056d277a9bdee8f97e42f4d94bec87fc139218cf2ee121a1c5113f047da64b877dde4b00e9ac1d41c42a4336d02782cc8fb6b808194955c73ebdf75d4

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\lib\urllib\request.pyc

Filesize
123KB

MD5
7496c821e027902af0032a8f24897864

SHA1
8da48c61fa999fbdd353becc620a3114d4ee2b0c

SHA256
70cf1e9939b5f27447a28c5b96a49525acb6632f69feedd7ad40bd5f9b2875c5

SHA512
746d62b34726dca5f0977a50e00291f9a25887fdf8662d7c33068fddf55823573c14f17c01624b704715e65185c09356a920d3937a94300a04458713c2e6e5de

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\py-clash-bot.exe

Filesize
446KB

MD5
7a879ce955ee3b3046bf08371906d4b5

SHA1
f54d9965cd02dd5da8257d38915e964b3fca4601

SHA256
196da25caf876a97c220bbb29a267dc2176e54c42f33c21e3b0f2bd4306caac7

SHA512
16a935db787486dcf9ffb50b9e9b056bdb3a08f2ec99d34135596ad1e39efecb340c3cb668c2947536d678379656a66d9c143c7fe2d9b76efd80d2ed28bfbf60

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\python3.dll

Filesize
65KB

MD5
ff319d24153238249adea18d8a3e54a7

SHA1
0474faa64826a48821b7a82ad256525aa9c5315e

SHA256
a462a21b5f0c05f0f7ec030c4fde032a13b34a8576d661a8e66f9ad23767e991

SHA512
0e63fe4d5568cd2c54304183a29c7469f769816f517cd2d5b197049aa966c310cc13a7790560ef2edc36b9b6d99ff586698886f906e19645faeb89b0e65adfdd

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\python311.dll

Filesize
5.5MB

MD5
86e0ad6ba8a9052d1729db2c015daf1c

SHA1
48112072903fff2ec5726cca19cc09e42d6384c7

SHA256
5ecda62f6fd2822355c560412f6d90be46a7f763f0ffeec9854177904632ac2d

SHA512
5d6e32f9ff90a9a584183dad1583aea2327b4aea32184b0ebbec3df41b0b833e6bb3cd40822dd64d1033125f52255812b17e4fa0add38fcda6bab1724dfaa2eb

Download Submit
C:\Users\Admin\AppData\Local\Programs\py-clash-bot\vcruntime140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Windows\Installer\e579337.msi

Filesize
1.9MB

MD5
4ce4d7f3a22216e44fd26eb6dda0036b

SHA1
b2e86051947f6f1960bb3e4026c59c736172cae0

SHA256
ba2df459c3f764d66ebbaf11722d7cee19d26ba48394d89c384953d245912864

SHA512
ff52f7bfce1bc287c9184a211eb058235c5a714e4bc467639affeaeea6258d39532b4da4d00954f2622500f3d6529a656f6d79030daf7a0cddd4cf628c84b70b

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
a3427befd59adf6b2d3d7b7d7152e4f0

SHA1
772c397b773f7b95de1216252586014077bfdd67

SHA256
07120d9790e115a8d2f3569370f0503b49db8ff2e642c85763022738d5566a8f

SHA512
2badae777dfd4fd74492a5ed7df81053ec44cdb66a560de98d7cfe567c33eb1a2f03ad2a9f1d35ab0993d2e523f846ca36bf009443a1351156adaa2bf09a63e8

Download Submit
\??\Volume{8465b6cf-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{c3041bf1-8399-4518-bb99-8c639af8f16f}_OnDiskSnapshotProp

Filesize
6KB

MD5
0d59da1bb597d15f4c81c3c7d04d581a

SHA1
1f3f4b310fbad05919ed172e6f437cea6e8d6289

SHA256
2ee2d242a9d5304c0b1cdb4ba56a21c0378bc98c78b9fb0cfbce803825beb341

SHA512
8dc64758463245521178c722893d93832364a0b1f1c6e321f07d4bc38101a250115cd680a7efced395d293da31e56cdfb36819a1bfdcd5138a5650531f678c0a

Download Submit
memory/2016-3666-0x00007FFF011E0000-0x00007FFF03296000-memory.dmp

Filesize
32.7MB

Download
memory/2016-3667-0x00007FFF011E0000-0x00007FFF03296000-memory.dmp

Filesize
32.7MB

Download