deac181d9f369808808e3aff6effa4d8baa128c5408091ad771c0aa84159ef28

Analysis

max time kernel
53s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FlaggexDE.exe
Size

40.4MB
MD5

0abe277e07ec1165ca20a74304e4baff
SHA1

6c15f025474289d8fe38583c49d54c814f5e24eb
SHA256

deac181d9f369808808e3aff6effa4d8baa128c5408091ad771c0aa84159ef28
SHA512

51670041bcbe29baca5b44e2d568eda7e16489f9a743cf35576c166edc6ef2b26a97874312b4be0af248e6edfd76cbf6fa03a0f69242f3fa0ee52e51d02adbf2
SSDEEP

786432:/oZOzsN1haPnf3Bd2e9YTQuR06u8tBoH13wH2lCTl7Th19sJkAdF6bqyV7XNzj7k:QZOz+UPnfWe9du1ZoH13+2kTlfCJkA/l

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 48 IoCs

Processes:

FlaggexDE.exe

pid	process
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe
3992	FlaggexDE.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 45 IoCs

Processes:

FlaggexDE.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 50003100000000009a58756610004c6f63616c003c0009000400efbe9a586b64b958ed7b2e0000008ae10100000001000000000000000000000000000000fe9f2e014c006f00630061006c00000014000000	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c004346534616003100000000009a586b64120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe9a586b64b958ed7b2e00000077e10100000001000000000000000000000000000000f5e090004100700070004400610074006100000042000000	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1"	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 6400310000000000b958fd7b10004d4f444946497e3100004c0009000400efbeb958fd7bb958fd7b2e000000623302000000090000000000000000000000000000004a3ed4004d006f00640069006600690063006100740069006f006e007300000018000000	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 6600310000000000b958fd7b1000434c49454e547e3100004e0009000400efbeb958fd7bb958fd7b2e000000653302000000090000000000000000000000000000004a3ed40043006c00690065006e007400530065007400740069006e0067007300000018000000	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = ffffffff	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	FlaggexDE.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	FlaggexDE.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	FlaggexDE.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5c00310000000000b958fd7b1000424c4f5853547e310000440009000400efbeb958fd7bb958fd7b2e000000312e02000000050000000000000000000000000000004a3ed40042006c006f00780073007400720061007000000018000000	FlaggexDE.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	FlaggexDE.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	FlaggexDE.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

FlaggexDE.exe

pid process

3992 FlaggexDE.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

FlaggexDE.exe

pid process

3992 FlaggexDE.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

FlaggexDE.exe

pid process

3992 FlaggexDE.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

FlaggexDE.exe

description	pid	process	target process
PID 2296 wrote to memory of 3992	2296	FlaggexDE.exe	FlaggexDE.exe
PID 2296 wrote to memory of 3992	2296	FlaggexDE.exe	FlaggexDE.exe

C:\Users\Admin\AppData\Local\Temp\FlaggexDE.exe
"C:\Users\Admin\AppData\Local\Temp\FlaggexDE.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2296

C:\Users\Admin\AppData\Local\Temp\FlaggexDE.exe
"C:\Users\Admin\AppData\Local\Temp\FlaggexDE.exe"
2⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\MSVCP140_1.dll
Filesize
26KB

MD5
b80b518b13951c82c94372e0b4334f46

SHA1
4f2e52d6b4152f85396d97b2ae21942d802e0d70

SHA256
21385ac166951b2730ea2b98ea64b675ce7657790852006f664c497c6665efb7

SHA512
5b2ef0de7dd34c7935a80492225a53af2f3cf6b9cc10e39e8b7999f481501e51b244fd49fa3fee80d9a8c347356c3a0a9fe0da0b527cec344c84447090588966

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\MSVCP140_2.dll
Filesize
184KB

MD5
8efc3d8d3a9eb24fb3d176203a6e8eed

SHA1
84d655a86c898aaf569ce6165a307ec1047ff37b

SHA256
55c29d40080e75a8e0f8d3b7b45ab4173c41bc2048b63f69934bad7fd29e1af7

SHA512
182ceef0d3115d688fef74ca7cd34b1f32080162a7ada1f5ac3f0a25ee0e34779c0c3f3e706ffda8d6fa950542f4c576f117687981da794890bb199cd4554add

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\Qt6Core.dll
Filesize
6.0MB

MD5
f207a2f08f06fbad3102fb8f56599861

SHA1
c70f7e1bba9b6131c987241b7100c86fa62ab5e8

SHA256
fdc979fd91b75eac8002d06399d828e124701da7cf0c8e06da298c66ff1dfd3f

SHA512
8b85966014736122e8e8bc9d267e70be9dcff36b5bf6363c14829bae3072566415d70d538cf68e82fabf7a3b81dc52e63915c4cd651c23988be7a8ebc779feff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\Qt6Gui.dll
Filesize
8.5MB

MD5
268a1a6597f51d5fa3051abb021f44d1

SHA1
c05ef58d64e166476b0cfc3637c603de0ca7c9df

SHA256
e1eca5eeef3c70c059b70ad07640d7584b8ae0504246962b59a52c60d595ca1b

SHA512
c15298799165f8083c4373c11320b32d63e4e45d93e6ac9b7a0716ee003c9095a7ae7cba57a7eb9856e2ca26498996dea883cb9a33eb76e78e91803a5289ac5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\Qt6Widgets.dll
Filesize
6.2MB

MD5
86d5de3633a355a2d30411fc736b9f18

SHA1
b3be06dc34efe7cf832c3849b9176a53626c5a79

SHA256
feb34eefc3a445301e1e728af10c2b5b2f11b588a9b330037a8a7f5b12cf7f24

SHA512
a4479114734fe4cb8ae2ce7791bc3571c7f66eb160f4b849b4ad0a4985a5829d273c9c5c4d036060eb4cb77a9ed63be16d477ee3a9fa503b6644a985ebf35e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\QtCore.pyd
Filesize
3.6MB

MD5
8f0788e8358a24c81bbc96301d44479b

SHA1
79d862e7b5a986b43e854482e9f171d72efc8065

SHA256
f1e12b3c129f00e8ebaa63c5ec5dfd5cd3cb7520b401eecb1b4de7732146fb27

SHA512
25b79ef3952762766c2492af8ea21c0c26c72b2da62edccf6f1d93f8e6f537c0497c3e7a2a9fd5b6db5dc5898bcf928cb8fcf50045366893c631553ff27197bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\QtGui.pyd
Filesize
4.2MB

MD5
6ebac09cc98a49d090108552d82ef416

SHA1
62321590f7ac96b08d1add5b2806533647c341af

SHA256
e120ac09b12fde159864135aa2b683078fe1e953655578e81ac4a30d19f93ccf

SHA512
5a2db1233ef35c26dbd3b5274edb801996905ee45fe0dacd0f830a78752dd7d64c3ebf9784034ed9a1a66e3a32915fe5d9c8c624c75df67a73d8137602a7846a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\QtWidgets.pyd
Filesize
6.0MB

MD5
1b881263ef4c95c410ea438495cb56c1

SHA1
9f6b2f91e769304a4f5ec86cdb20a061e4e7fba6

SHA256
640ea429981e8823490c3cb2c01db85a4ff7f29883341502e95f4f2f165fa39e

SHA512
ed69905dea9e37f41fdb613e26e24076bb8827306fc0abdc85fee204d691bd10ac26f0dde917fddcac74644b42eafee6a39dda2ff84471b714c963089e2c3d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\PySide6\pyside6.abi3.dll
Filesize
230KB

MD5
138cfbf1ca5aa6aa0e27101105180d8a

SHA1
71e6a476c6737c221335c8b1822a80a7495da8d4

SHA256
cd9dea82904abec48057d28fb98cd77308d26cfbb42d712c4382da0db5117050

SHA512
5c717381ff8377a09fbb81fc4cbed5b2176b9c95fbabf756d1ea7acf1bf0c99bd0fc4d727a53834e6e0331d3a668de0674dabafbd23d565a5c21512a62205059

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\VCRUNTIME140_1.dll
Filesize
36KB

MD5
37c372da4b1adb96dc995ecb7e68e465

SHA1
6c1b6cb92ff76c40c77f86ea9a917a5f854397e2

SHA256
1554b5802968fdb2705a67cbb61585e9560b9e429d043a5aa742ef3c9bbfb6bf

SHA512
926f081b1678c15dc649d7e53bfbe98e4983c9ad6ccdf11c9383ca1d85f2a7353d5c52bebf867d6e155ff897f4702fc4da36a8f4cf76b00cb842152935e319a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\_bz2.pyd
Filesize
77KB

MD5
a1fbcfbd82de566a6c99d1a7ab2d8a69

SHA1
3e8ba4c925c07f17c7dffab8fbb7b8b8863cad76

SHA256
0897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095

SHA512
55679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\_decimal.pyd
Filesize
242KB

MD5
09be0caf0e2bd7bea37a27527cb13c2e

SHA1
e543b614b3d008514979697a458b6d075b62e037

SHA256
2673b0ec0769c2513cfb63d72cbfadd3dd43963d30ddc368c6232dab1f607ee1

SHA512
5b98fb115e40a03b67a24cb18b2c2549efe8e15e7c1674d00307453ec0550d340cf4ea5bc4eee856acfa53bfd0f138d5cae771399db444091f3b8d2eea6c4cfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\_hashlib.pyd
Filesize
59KB

MD5
ad6e31dba413be7e082fab3dbafb3ecc

SHA1
f26886c841d1c61fb0da14e20e57e7202eefbacc

SHA256
2e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4

SHA512
6401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\_lzma.pyd
Filesize
150KB

MD5
a6bee109071bbcf24e4d82498d376f82

SHA1
1babacdfaa60e39e21602908047219d111ed8657

SHA256
ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f

SHA512
8cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\_queue.pyd
Filesize
26KB

MD5
8dd33fe76645636520c5d976b8a2b6fc

SHA1
12988ddd52cbb0ce0f3b96ce19a1827b237ed5f7

SHA256
8e7e758150ea066299a956f268c3eb04bc800e9f3395402cd407c486844a9595

SHA512
e7b4b5662ebd8efb2e4b6f47eb2021afacd52b100db2df66331ca79a4fb2149cac621d5f18ab8ab9cfadbd677274db798ebad9b1d3e46e29f4c92828fd88c187

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\_socket.pyd
Filesize
73KB

MD5
c5378bac8c03d7ef46305ee8394560f5

SHA1
2aa7bc90c0ec4d21113b8aa6709569d59fadd329

SHA256
130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9

SHA512
1ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\_ssl.pyd
Filesize
152KB

MD5
9d810454bc451ff440ec95de36088909

SHA1
8c890b934a2d84c548a09461ca1e783810f075be

SHA256
5a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7

SHA512
0800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\base_library.zip
Filesize
858KB

MD5
ba9562ca1b287c33cd28fdc4bf937bac

SHA1
348dc56670b0d64f314ddf1d87fba637eb3781b1

SHA256
132df278615808a6835977303df21a8f1c44afb1d60cbea1d28040cdd3152c50

SHA512
9a5e01220de9849b38a398060feb05f14d714cdc773dc2f985d765736ec7515d5eecbc1d31511f4ba29c1d8ffc71c90ea158c0f301ebf861196ca7819d16282f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\charset_normalizer\md.cp310-win_amd64.pyd
Filesize
10KB

MD5
f33ca57d413e6b5313272fa54dbc8baa

SHA1
4e0cabe7d38fe8d649a0a497ed18d4d1ca5f4c44

SHA256
9b3d70922dcfaeb02812afa9030a40433b9d2b58bcf088781f9ab68a74d20664

SHA512
f17c06f4202b6edbb66660d68ff938d4f75b411f9fab48636c3575e42abaab6464d66cb57bce7f84e8e2b5755b6ef757a820a50c13dd5f85faa63cd553d3ff32

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\form.ui
Filesize
25KB

MD5
d2d878707177e9cdd931ae4fadefaa2d

SHA1
c34a502ce606acd71508546b2a6ac0072f9352ff

SHA256
1f71cdfe051bc638d5db1bcc33c5cdb35fac467886e38384b0e1ddbda1818d9c

SHA512
cc4ce180a9bc582c87004cd65636e777233ce4d0bb86bf414c036e520571cb62d63ab226c556c8cc494380c5b1e16080aa32cc5d6903f2c0e0538d9ba4e6b7ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\libcrypto-1_1.dll
Filesize
3.3MB

MD5
ab01c808bed8164133e5279595437d3d

SHA1
0f512756a8db22576ec2e20cf0cafec7786fb12b

SHA256
9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55

SHA512
4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\libssl-1_1.dll
Filesize
682KB

MD5
de72697933d7673279fb85fd48d1a4dd

SHA1
085fd4c6fb6d89ffcc9b2741947b74f0766fc383

SHA256
ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f

SHA512
0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\pyarmor_runtime_000000\__init__.py
Filesize
103B

MD5
f861243909360b8dd84e3d35beae0e03

SHA1
1dc1c1a800f0829e909fe55384da1a3099bfd7f3

SHA256
e4c919d7e21b1fad6855940a97256d8437bfa5e61c1c0041ca25b052201a1bd4

SHA512
942b0fad7e857f8ebd7368386455f7cb79861808202a148a2fb8c8df8a0c02d9500afb83bae95cb56d069b0c9cfc99fd1d366ad5607bc4cc1ff98a712d28db89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\pyarmor_runtime_000000\pyarmor_runtime.pyd
Filesize
619KB

MD5
f68faeab59570c1475560a53235e70dc

SHA1
81d6291d79b9e25be702938ab9d4955099fd54f3

SHA256
f35e1c924dc60b818811adfd81bb8cd11066b2c945b55c87cee023143a70c71b

SHA512
5759928d1b40a2eef9f7af3f9c244efddee94bafe1db7ca36cea2bd35f35eb934261315964c9831038130937c46a42a356b2cba1bc5daa22d60c7974afd2cd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\python3.dll
Filesize
60KB

MD5
0812ee5d8abc0072957e9415ba6e62f2

SHA1
ea05c427e46c5d9470ba81d6b7cbca6838ee0dd5

SHA256
84a29c369560c5175d22ee764fe8ada882ab6b37b6b10c005404153518a344ec

SHA512
18ca5631f2ae957b9ec8eaa7aa87094d3a296548790ced970752625a0f271511e0ce0042a0ea5469a9c362a0d811c530ef6fe41b84c61b25c838466acc37f22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\python310.dll
Filesize
4.2MB

MD5
a1185bef38fdba5e3fe6a71f93a9d142

SHA1
e2b40f5e518ad000002b239a84c153fdc35df4eb

SHA256
8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e

SHA512
cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\select.pyd
Filesize
25KB

MD5
63ede3c60ee921074647ec0278e6aa45

SHA1
a02c42d3849ad8c03ce60f2fd1797b1901441f26

SHA256
cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5

SHA512
d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\shiboken6\MSVCP140.dll
Filesize
556KB

MD5
57ecdb345c3e062026aa9d1f3d155388

SHA1
4407a616df90699a99d7d052d029089d4376254a

SHA256
f77ff41c2dfe7e9a75d42eb0f4d7d0faf4834f5671607f449dc3da2ab59919ca

SHA512
9cf183461bd427d8337bc31e3ea7a2f8008b12d0d76c5f5dcaf2d0c0c56ff89a4368330c942b750e197aa1f26ed8a06904a4da02afbea0b8a5199af0bbc3d05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\shiboken6\Shiboken.pyd
Filesize
31KB

MD5
09cefcf004fc38a09a41f3a96d11f061

SHA1
85ab9be391baa61150a356fef75507b37df9dcbe

SHA256
1471b21e7500fdd29ab2fc6551037eabe12e24dd51086b76db5cd5125d73d45e

SHA512
5fb64a6e3a0ae68b753a54a559843f5bffe0c3c4ea4cfb5536a179248bcc4e10e23bf7d0ffd6056a68565006b1f0607e6941d8cc5db5dc12cb71d6946aa96954

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\shiboken6\VCRUNTIME140_1.dll
Filesize
39KB

MD5
9c4211fb8d1dbb5a84dce8126db0e01b

SHA1
d86c2ed683085fc7ea73b50725899c32e82a6e9b

SHA256
764ed128d35a108c8bd2f2ab919b40f09ea7a24799249989f22bb41a115c7ff6

SHA512
5786919d28b57413a2e3d59d69e9c6c06bbffd7bc3cb784e4f8b1537b543584523a0d3a9364029466a46bf1bec1b12a861a3686f345fa176846f262ffab9965a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\shiboken6\shiboken6.abi3.dll
Filesize
294KB

MD5
45c5cbf2f2fe7fb695e1aa697b2df48f

SHA1
d38c389dc3d4d76a76062a92ce58e79dc472257d

SHA256
f4aece1ae6442ee8ba799adc9a3a0823d3c51d615c8c4753bfaf345853f4c968

SHA512
6d50638b134b810894c267711eb69f7082878e76f245f5cbf74bc078d027c66c204e6f0434190f6c5140a494b0bc81425ff12bead3f52638cb37d8f91b4e0bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\ui_form.py
Filesize
49KB

MD5
ff710728d9d062a5ceada1457256c227

SHA1
0165a4cacd942e27fc2410b15038443222c51bb0

SHA256
b6dd91c929147c2790ee27b360b790de9dc1d9fc07cc63e34bb1b0ce82c1fe1b

SHA512
4b88a399ca2a2f22ea3c9084a8a4c23fce5a64ca26116a0b3e6a9299a7fbc7eaca143870b9f9a7bedd8a16bac6c845c8bcb13593dc8adce11f83c55523ec20fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22962\unicodedata.pyd
Filesize
1.1MB

MD5
d67ac58da9e60e5b7ef3745fdda74f7d

SHA1
092faa0a13f99fd05c63395ee8ee9aa2bb1ca478

SHA256
09e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f

SHA512
9d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c

Download Submit
memory/3992-220-0x00007FFB444C0000-0x00007FFB448FD000-memory.dmp

Filesize
4.2MB

Download
memory/3992-217-0x00007FFB457D0000-0x00007FFB45DF3000-memory.dmp

Filesize
6.1MB

Download
memory/3992-214-0x00007FFB451A0000-0x00007FFB457CD000-memory.dmp

Filesize
6.2MB

Download
memory/3992-200-0x00007FFB466C0000-0x00007FFB46A57000-memory.dmp

Filesize
3.6MB

Download
memory/3992-230-0x00000228FBF90000-0x00000228FBFA0000-memory.dmp

Filesize
64KB

Download
memory/3992-231-0x0000000061CC0000-0x0000000061D69000-memory.dmp

Filesize
676KB

Download