gh0strat | 98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a

Analysis

max time kernel
133s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-11-2024 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe
Size

324KB
MD5

16ad754d769309b0180d1807db49513b
SHA1

507c879d648c9a11359d26c3a2b0a1ad6ea9da2e
SHA256

98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a
SHA512

47f016104e43f8289bf616a0a4adf624b519a07e85fcba7800a5c9b2179ebca1ac350d4122ede0006089b2be0047aa1f957396bfd45289982fb5430539cb7381
SSDEEP

6144:iyqqPpD1un4MN/IeWhDEh2Ejc2BvxC08a3XdP4o53:xqQ1BMN/khDfmDp4o1

Score

10^/10

gh0strat discovery rat

Malware Config

Signatures

Gh0st RAT payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2456-124-0x0000000002D70000-0x0000000002DEB000-memory.dmp	family_gh0strat
behavioral2/memory/2456-138-0x0000000002CD0000-0x0000000002D67000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat
Gh0strat family
gh0strat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe

Executes dropped EXE 1 IoCs

Processes:

GuardingProcess.exe

pid process

2456 GuardingProcess.exe

Loads dropped DLL 26 IoCs

Processes:

GuardingProcess.exe

pid	process
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

GuardingProcess.exe

description	ioc	process
File opened (read-only)	\??\R:	GuardingProcess.exe
File opened (read-only)	\??\Y:	GuardingProcess.exe
File opened (read-only)	\??\Z:	GuardingProcess.exe
File opened (read-only)	\??\B:	GuardingProcess.exe
File opened (read-only)	\??\I:	GuardingProcess.exe
File opened (read-only)	\??\K:	GuardingProcess.exe
File opened (read-only)	\??\O:	GuardingProcess.exe
File opened (read-only)	\??\G:	GuardingProcess.exe
File opened (read-only)	\??\H:	GuardingProcess.exe
File opened (read-only)	\??\M:	GuardingProcess.exe
File opened (read-only)	\??\V:	GuardingProcess.exe
File opened (read-only)	\??\U:	GuardingProcess.exe
File opened (read-only)	\??\W:	GuardingProcess.exe
File opened (read-only)	\??\X:	GuardingProcess.exe
File opened (read-only)	\??\J:	GuardingProcess.exe
File opened (read-only)	\??\L:	GuardingProcess.exe
File opened (read-only)	\??\P:	GuardingProcess.exe
File opened (read-only)	\??\Q:	GuardingProcess.exe
File opened (read-only)	\??\E:	GuardingProcess.exe
File opened (read-only)	\??\N:	GuardingProcess.exe
File opened (read-only)	\??\S:	GuardingProcess.exe
File opened (read-only)	\??\T:	GuardingProcess.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
3764	4384	WerFault.exe	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe
5104	4384	WerFault.exe	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exeGuardingProcess.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GuardingProcess.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

GuardingProcess.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GuardingProcess.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GuardingProcess.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

GuardingProcess.exe

pid	process
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe
2456	GuardingProcess.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

GuardingProcess.exe

pid process

2456 GuardingProcess.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exeGuardingProcess.exe

pid	process
4384	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe
4384	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe
2456	GuardingProcess.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe

description	pid	process	target process
PID 4384 wrote to memory of 2456	4384	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe	GuardingProcess.exe
PID 4384 wrote to memory of 2456	4384	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe	GuardingProcess.exe
PID 4384 wrote to memory of 2456	4384	98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe	GuardingProcess.exe

C:\Users\Admin\AppData\Local\Temp\98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe
"C:\Users\Admin\AppData\Local\Temp\98d55fe54dcf85327c13171541a781da4e70b298c70dc4b2ab602055c948412a.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Users\Public\Application\GuardingProcess.exe
  "C:\Users\Public\Application\GuardingProcess.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 1268
  2⤵
  - Program crash
  PID:3764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 1384
  2⤵
  - Program crash
  PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4384 -ip 4384
1⤵
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4384 -ip 4384
1⤵
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Application\0f40fc17.ppf

Filesize
576KB

MD5
d3ebb46fe98600196525388e4640542f

SHA1
896121e9eebebc4254fceff2fdc4a720b30a064a

SHA256
6298981b843d45da37192bc2c51e973b4193bb37de7b8ae9f78d63ccadaea6b7

SHA512
e7d8e420f0afac8bf972594f3fbbf490ea723fced207f8cd57657094e811fa273f051d9a7e69e62cca4bc30c81cb5b59cc80a3fc8f43abf35e350ed5a3778636

Download Submit
C:\Users\Public\Application\Config.ini

Filesize
126B

MD5
7ea5a7331f3f3f67623de27da8ce528d

SHA1
776850c48971a132a9590fc5c9bd8edefa68bd12

SHA256
eab5970b3366d3fb8fd2e03389c320898f5493e41b36d25cf6880be220912e6a

SHA512
6aca23f4d41f5c1bbad5739659a1585e84483c3f7abdc45f400e411574c144577815f58ba68719f6eb9b9ccd3351976978dc4050fde2fa1596f1121e21dd3369

Download Submit
C:\Users\Public\Application\DuiLib.dll

Filesize
1.5MB

MD5
a3b393d6604c40c51f9f28533161ab81

SHA1
19480433f1a094f135eff78e4b63c5b47411f333

SHA256
a830e40e43aef4d9d7b7eeb6d94c17cd2cb11be7f3ee8adce2399ec5c0a6049c

SHA512
12c460443ae98c0a57abe98e8d70802367d9fe2a14faf66164a094ffdb10ee6d8a6b41e4c96e58a423218f3653ea56d804ed15614ff6957948025f78389c3313

Download Submit
C:\Users\Public\Application\GuardingProcess.dat

Filesize
61B

MD5
3eedc83f00ff6c4a587e2d75765aadc7

SHA1
f2f899fd499582b837bd076918194019e8a83485

SHA256
605d128df9033084e7d0aa5b181df8b7cb9b61aebd76a9fcacdd70b3e4e78e36

SHA512
dbc624ac06a5f86e758ede3ade9de9ad778b92feea915ac2a8d085ebfbcd33ceca012e2bb513a325058db387060f3e2e392bfea490398739ee0dd685b122a470

Download Submit
C:\Users\Public\Application\GuardingProcess.exe

Filesize
346KB

MD5
b575cfefd5c7b14f4743ef2ad74b2736

SHA1
f433813501a7b5b96186bb02fe69ca01580627ed

SHA256
a38708da0db2003a1d14ed1e9d45a9ecb30a6294d472692f804ffb0cea70334b

SHA512
ea912b2589142f1a89ef84e503bf65999beb7aa76d2aa50e1e7edc178bf841debed906fc11da555a004fc715f52fa09baf3a3fe4b42c33e5c9cf811eba676e5e

Download Submit
C:\Users\Public\Application\MSVCP140.dll

Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
C:\Users\Public\Application\Plugin.dll

Filesize
271KB

MD5
27378e77fed60b91b9eacef55b10d3a2

SHA1
603050de753ae268e09aca9e37b30ac4e647b6b7

SHA256
553920c1b7dbcabcd18e8a17a3f0b3bd91f3fd2a3375a6163c8e85d441cb8a18

SHA512
95be8277a4ceaf29a2c7bbba6f8e06fb894bb883ff457e08851352dd751375f94c551a78204fc30838aa2c4a6741f49e30bfa6f0b6a6f0287c5d77b0e9ed6c6d

Download Submit
C:\Users\Public\Application\QKGuide.dll

Filesize
893KB

MD5
057d333133ba16ad86fa644e8b28adf7

SHA1
7542ae74dbcaef4fd60e82937080efa1c2ac954f

SHA256
51d34fdf50a1542a86f2befa3e0f7615832558d29e41cf92c9206b44b67e1350

SHA512
83a61c8da999bdcc3bb47b47d8aeea3fb8605404cda949acb91bb0b7aaba7d1c854f7cf44d8d5ba81d5be5d2c3dfc5babf66f72bf1137c2786b34bd32b853e78

Download Submit
C:\Users\Public\Application\QKHook.dll

Filesize
24KB

MD5
32f12897dbfad3149821d503013c6a28

SHA1
52fc6755add14e6f6eb2b2f5a20d8022a32c8225

SHA256
93fcab146f4061b93e6566b1846cfefd05dae52afd763fdd261e6a0543436671

SHA512
c0547fb67c4d80e2d2744179c4b21d1e9b8694f53a6c843adc7e28df48b0e56c95c25b6cfc956f440d856add2bfc339b8178c820c28a09250854b5a57587db59

Download Submit
C:\Users\Public\Application\QKParameterMgr.dll

Filesize
35KB

MD5
1390bc15e3d2b403d962c6c6e9e77fee

SHA1
dab2a8a69cb014c682544c94efc2a9219fd603cc

SHA256
ae1cec46aaa7841b0d4e2dd719272821469be8121b32a60609b1bc3bfd5638d3

SHA512
e794d64bd63b8bbacdd59e8ad1b2b23011f07a8de70217082f56b710cadfec4f4579756eb693ceb9a223933366bb4058d26e7c5867d4c4e67988aa4532cbad5a

Download Submit
C:\Users\Public\Application\QKPhotoshopMgr.dll

Filesize
551KB

MD5
a1b899fd31bff8b4d87e2edd78006b31

SHA1
199280dabac2c32324c59ec8da76c0126e5710e7

SHA256
09c6a24b0714da6e4bef6ed8070f6986c005cd974c35a4f7a9f406b88ee038b3

SHA512
40d9466ee6ae644c19e9c2f505370ed647379c6d3389a908ad32f24ed0cf6ef95728192a443324fde3a312b1fd31a4eb3ea616881595dac6ee1b4a047b948a17

Download Submit
C:\Users\Public\Application\QKPlugin.dll

Filesize
307KB

MD5
216c638d1e32032145687d2e3851394a

SHA1
fdcb1cb31625a8023880a716205b29a1b7f71aa2

SHA256
965fd4c884b66a65c7b6800a43f1c6f9a0b5a5766606301494da227a8a80f35e

SHA512
5b50ad6f3a5aa25de08174df90db067676fb13991b93bcadba2698b0e69c096f46892467b1d6f75227825447b9eedbf40f6415d8804115fa3201a43bd7360bd0

Download Submit
C:\Users\Public\Application\QKRecord.dll

Filesize
353KB

MD5
428f062a15575599e0fcbef2374754a8

SHA1
5dacffd79a14ac1b3b0377885460cc1bf1023810

SHA256
0553c54a2082a89b04bfa0a8373185ffcfa202523e98159a5e20012df1ce99b5

SHA512
492d4c4e35b55abc2f0517aa4fc3235bb88b115d7dc2b666f847f2b100d84b011eb9540675b60d3d68da4de6e49bff7253cd5428c991ac7ae521b73e0eacba27

Download Submit
C:\Users\Public\Application\QKResource.dll

Filesize
616KB

MD5
e471a8665c05062f45e343b7f89ad319

SHA1
58a98da8295458c073d10622158a6a53a20be534

SHA256
1f75c77513b2554d94c692d6e7a00b674dcec354913159aea7f324062a4fa798

SHA512
f033a1e8044b070a8f2ad4fe97e06f810747988ce5bb269bd6a502b39c24158ce0a150305666b73de74252762371e5d091ed258fc11e94259c78bcaba04dfc46

Download Submit
C:\Users\Public\Application\alibabacloud-oss-cpp-sdk.dll

Filesize
1.0MB

MD5
0aaeb781e651be69f6d643a72b15c6cb

SHA1
8be4066c628629ffe77254c2cc452aecc1fee8dc

SHA256
e9359d5c42b6767d63525ae73eb194a88c3e68111cee4ec1a2bdbb8ecf530bb9

SHA512
c6f1af6bb30005f8b89951612961ef8db706d39ace2e674cf54a14445fdfcfe8cf8c5762fe04406b9d87154a919cc47e251eaefd9cbd15e00b2ecf471854e6f5

Download Submit
C:\Users\Public\Application\concrt140.dll

Filesize
243KB

MD5
8651e6272e310d5c64d0c91ca975b029

SHA1
0e2433c8771ac420b5684c79e96eb7e206350757

SHA256
b721897db5542d5b0c970ec624440442ed9ae781e55147feb9ff264f70f66cde

SHA512
d99d049b9ae9f7bcf9e6737b26a90f544a08ff49e06fdc39617b869eb97676024e18ba42e680db255a8a04f323de494dd8e7b706007e9b961c78a64cdf078ff6

Download Submit
C:\Users\Public\Application\libcurl.dll

Filesize
552KB

MD5
b58a42118168c1c18a26acbc353b2ec0

SHA1
c1a048e3a941972cabf9d91be5b28df189d0a3bd

SHA256
762d69078a248a0c99344ae69b1f84c3f85c332b878869e054be67825423ec0b

SHA512
58339b6c26f5fbda2a12bd84e88b41c4bee407ae53da3b72ca2b2ddddd49f64ea75096feb57d654aa748b7eaa83190b417933c0ac43b5819ef32db46b29db770

Download Submit
C:\Users\Public\Application\libeay32.dll

Filesize
1.2MB

MD5
1707bc560de9c69ae7325b6f63c8ec96

SHA1
d15e908a921cd17fbcfe0000b264d52e8fd413e7

SHA256
648a673ec8504f8255de37996a21895279985e011124e8ff2c7249271d5890cb

SHA512
941b3a76d43626d3d8e369437b83e63689eb3f8ecf90737a2d2df8df1c38e19e02146938af12d0fa9850ba3154ad60d74c5e4b80cae4ff6e3bff9d2583538ad5

Download Submit
C:\Users\Public\Application\libmysql.dll

Filesize
3.5MB

MD5
fcd72aa6a80b75556057d77b729f17c5

SHA1
8689cd54043136e644c82cb8eae419a5d43289ca

SHA256
6a59443d3a5cf8572e2e80b5987040ddbf2630e14036204a3bf77ce27e02d918

SHA512
e2c7c02ec1b997c3888ce20e8a3ac4c84a4e36a6e1c37aaf1a65983096ba64e60fbe61ca988821a1807872e9bf284cc577938db5957abcb57555321a7e36c7ba

Download Submit
C:\Users\Public\Application\mfc140u.dll

Filesize
4.8MB

MD5
06f307b7ddb0994b448b9786cf5811b8

SHA1
4d70c5206e84b23916e4c686f430e5dcdc70dfc3

SHA256
dde3c8e9e7d414913a29979798311d095c1b8869ee405a1c3fcbba14da90446d

SHA512
b26bcfca4569ce9fb4b7196c952ce38b0e3a30aeff2e7ac4b2ea1c695c658c1d92029fb7e31ad231e62de8dff2a86ab3821aa1f9d5c944d88b263d88efeca16a

Download Submit
C:\Users\Public\Application\msc.dll

Filesize
1.7MB

MD5
18d35237d397e8396c30356ddb12dd9c

SHA1
8f86896fd6f884f05c48c3034b7b55b7d9e50a5a

SHA256
1c1f3b6df9347b864ac879ef841196b97ed02f5be941fd490817831889b97b84

SHA512
e2e1e1fdb6e161b28e90236edd0b35d3b91f507161b50615caaaa8f9484946c72ea35298838e1b538e4d2801aff9cece97b89447e78a3dc2ae4fdc962a26c5c3

Download Submit
C:\Users\Public\Application\opencv_core2413.dll

Filesize
1.9MB

MD5
b83a304b66f3c9799cae2be75bec361b

SHA1
d7ccc4067af699e62f9a7f9001589d3d8c7f4ac6

SHA256
b0f02252f1cee1826f3b193e682344a8d9785e424e8009b60a7700e5c88271c8

SHA512
dfa3dfa9faf6a85af25fa4f12726ec27075053112e9455461e435ff424bff0635bd624c39c2e15f962b4aab3a6374b23024e7d805e0e8f2d54df1f92e7edd6f2

Download Submit
C:\Users\Public\Application\opencv_highgui2413.dll

Filesize
1.9MB

MD5
f6a0b1bf98161f7231039f6ffceee155

SHA1
7f888d40d50ae85490e2126c9f9a14ce78d4c7d0

SHA256
1ad5b3f2447a6d48e3ade61cbdc4abb0f18f3dbc8b7dcd3b050d60c68197d0df

SHA512
69ea3f74d40a5aecedb5ea120e01a5cd348af9542f16124973b028a3e2965d3d63a804d0bab1bdd4b548e55f8bb21365605b241891993177cfc08608d895764b

Download Submit
C:\Users\Public\Application\opencv_imgproc2413.dll

Filesize
1.6MB

MD5
27e2d298d6905a73ea98b7a2c4c889c5

SHA1
600eb3e14e20f91c7e9788bf3cde864f9e1bc17c

SHA256
f67e68461b7fa1bdf83b00020affc17c203e5d5fb6d051c00d2654e181115f8f

SHA512
751cceddd052cb3a540b842ed9a69f0842f3c1a5d503555ba990838550b0e784dafc577e0070383af7cfe36bf51a4944b9a9fadfbcfdbcc92ba6deb52ff30f95

Download Submit
C:\Users\Public\Application\task.dat

Filesize
98B

MD5
c05f8fea00692e919576b90daf22aa9f

SHA1
f035bd1228b6ff9de85620584ac9ce709c48867c

SHA256
3351d1a3969a52905c0faae40992a31c705e8c556f41fa358e66521a71863211

SHA512
52c7c4ea1c9f8ca6a946e70fb2652438eba5cca0d3a9e96bbfda8d6c593c1d0168fd6de098481bef5fa8689b6798e9ef4d21539ec6c2e4e0201cdf3daef86432

Download Submit
C:\Users\Public\Application\vcruntime140.dll

Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
memory/2456-116-0x0000000000E70000-0x0000000000F9D000-memory.dmp

Filesize
1.2MB

Download
memory/2456-122-0x0000000002CD0000-0x0000000002D67000-memory.dmp

Filesize
604KB

Download
memory/2456-124-0x0000000002D70000-0x0000000002DEB000-memory.dmp

Filesize
492KB

Download
memory/2456-138-0x0000000002CD0000-0x0000000002D67000-memory.dmp

Filesize
604KB

Download