Overview

overview

10

Static

static

3

main.exe

windows10-ltsc_2021-x64

10

Resubmissions

02/04/2025, 12:53

250402-p43agswzfw 10

14/02/2025, 05:39

250214-gca3xstphr 10

Analysis

  • max time kernel
    18s
  • max time network
    52s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    02/04/2025, 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.exe

  • Size

    7.2MB

  • MD5

    75a4c4a393ab704900d4e7b03928a898

  • SHA1

    6d252c3503f74df28a52aa86821fba3e7b2b4c1c

  • SHA256

    81ae30c871efc3f21a830d2c5d43a3b8067affbd43cee6cdaac71828a3501458

  • SHA512

    cf80b32fec27e41cb00bcddecebad2a59d456b8eef0bb101c8334c92db8da615ac7164bff9441eac499e59bcc72cc52ef01635bd69185561534ed7ba954a7baa

  • SSDEEP

    98304:ssJ/V6N+13gH5z4voNLZmjuAOZw3IvDiUFo0yfgdSiU8XvAx4aLZYyvJ83RxnPGA:b/35gZVHAr3hcdSyIx4ALiHPJd17YO

Score
10/10
defense_evasiondiscoveryevasionexploitransomwaretrojan

Malware Config

Signatures

  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
    evasiontrojan
  • UAC bypass 3 TTPs 2 IoCs
    defense_evasiontrojan
  • Drops file in Drivers directory 1 IoCs
  • Possible privilege escalation attempt 2 IoCs
    exploit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 19 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Drops desktop.ini file(s) 36 IoCs
  • Drops file in System32 directory 4 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\main.exe
    "C:\Users\Admin\AppData\Local\Temp\main.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4708
    • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\main.exe
      C:\Users\Admin\AppData\Local\Temp\main.exe
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops desktop.ini file(s)
      • Drops file in System32 directory
      • Sets desktop wallpaper using registry
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4888
      • C:\Windows\SysWOW64\reg.exe
        reg delete "HKCU\Control Panel\Desktop" /v Wallpaper /f
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1304
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKCU\Control Panel\Desktop" /t REG_SZ /v Wallpaper /d "C:\Users\Admin\sigma.png" /f
        3⤵
        • Sets desktop wallpaper using registry
        • System Location Discovery: System Language Discovery
        PID:472
      • C:\Windows\SysWOW64\takeown.exe
        takeown /f c:\windows\Boot\ /r /d N
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3052
      • C:\Windows\SysWOW64\icacls.exe
        icacls c:\windows\Boot\ /grant everyone:(f) /t /c
        3⤵
        • Possible privilege escalation attempt
        • Modifies file permissions
        • System Location Discovery: System Language Discovery
        PID:1428
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
        3⤵
        • Modifies Windows Defender DisableAntiSpyware settings
        • System Location Discovery: System Language Discovery
        PID:3260
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
        3⤵
        • UAC bypass
        • System Location Discovery: System Language Discovery
        PID:424
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKLM\SOFTWARE\Microsoft\PolicManager\default\Start" /v HideShutDown /t REG_DWORD /d 1 /f
        3⤵
        • System Location Discovery: System Language Discovery
        PID:396
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKLM\SOFTWARE\Microsoft\PolicManager\default\Start" /v HideRestart /t REG_DWORD /d 1 /f
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5128
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f
        3⤵
        • UAC bypass
        • System Location Discovery: System Language Discovery
        PID:2764
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKCR\Software\Policies\Microsoft\Windows\System" /v DisableCMD /t REG_DWORD /d 1 /f
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:5920
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKCR\Software\Policies\Microsoft\Windows\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:5780
      • C:\Windows\SysWOW64\reg.exe
        reg delete "HKLM\SOFTWARE" /f
        3⤵
          PID:6544
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4124

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
        Filesize

        307KB

        MD5

        5b11e17569178fa75e58824b21550fcc

        SHA1

        5eeb0621aca12585d5bd931383337d0aa4b38513

        SHA256

        6b9f518a806ad58d30ef246712db2160192b83d17eb29efaef77479002d69feb

        SHA512

        f7fafefec9d8e76662a774dae37b5a8eafc0a48499eae02cd0c886f8113cab8d01dbaffd760ef805b9349cb44a9f517afba10bf4c262bec5f7de2284544c5308

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd
        Filesize

        71KB

        MD5

        ff5ac8fb724edb1635e2ad985f98ee5b

        SHA1

        24c4ab38a9d92c0587e540b2a45c938a244ef828

        SHA256

        b94f64fcb49f40682ed794fa1940a1dc0c8a28f24a1768d3bfe774cf75f59b62

        SHA512

        eac95da6496a18fcbd084b34114bcb0e9be3cfa9b55ba121fc09081ecf9e0b20dc9123f06730a687f052ecdf797716024643100bd8c1adbd046db0075ac15956

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd
        Filesize

        65KB

        MD5

        a4bd8e0c0597a22c3f0601fe798668aa

        SHA1

        5f4a7a23bcdb2d32fb15997536cddfd7f2bf7ca8

        SHA256

        96b0a3cfc16e215f0ef5d1e206f0137b4255005052720e91a58bc98cde8c898e

        SHA512

        7b325ab8b1978b8e8b23aad5714855b96c4c4284f7618475187a8d9043b04c4f79e6953c7d2b03981f34d31e7bd7d21747891d47dedd4f8f7646d3281f779ac0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll
        Filesize

        1.1MB

        MD5

        6cadec733f5be72697d7112860a0905b

        SHA1

        6a6beeef3b1bb7c85c63f4a3410e673fce73f50d

        SHA256

        19f70dc79994e46d3e1ef6be352f5933866de5736d761faa8839204136916b3f

        SHA512

        e6b3e52968c79d4bd700652c1f2ebd0366b492fcda4e05fc8b198791d1169b20f89b85ec69cefa7e099d06a78bf77ff9c3274905667f0c94071f47bafad46d79

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\_ctypes.pyd
        Filesize

        105KB

        MD5

        9db2d9962cbd754e91b40f91cbc49542

        SHA1

        945ae09f678a4ca5f917339c304e5922e61dd588

        SHA256

        6a6df7d77b7a5552d8443bd1b98f681ad2e6b5a8acf7ade542dd369beab7e439

        SHA512

        a9d522f5768d265e2dca80faea239cc0ba7bec715d23058571651f8b61402650c01f3bca7f4d10e6806c8a553e79569dc852381d44169f535d63e85148d24e29

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\_hashlib.pyd
        Filesize

        31KB

        MD5

        e84e1ba269371e439c2d52024aca6535

        SHA1

        2abac4b3eb0ab5cbb86efd964089833cd3bd164f

        SHA256

        2fcb297733e6080480ac24cf073ff5e239fb02a1ce9694313c5047f9c58d781b

        SHA512

        22eaa0f42895eba9ab24fe1e33ef6767b2efa18529794d070858f15e116228d087fe7d3db655a564e52eb2ea01bf4a651f0f82417e0fccca8f770057b165d78c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\_lzma.pyd
        Filesize

        180KB

        MD5

        65880a33015af2030a08987924ca737b

        SHA1

        931009f59c5639a81bc545c5eff06653cc1aff82

        SHA256

        a71366b95d89d1539a6ee751d48a969c1bca1aa75116424cc5f905f32a625eea

        SHA512

        7099208d7044cae5d9f79ca8c2ef0e0ea4a1066857ddff74d48ff4a6cebc6db679bcde4d64a9925d266542a63889bd300eeb33291db53adcee1df3ad575028db

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\_queue.pyd
        Filesize

        23KB

        MD5

        8807dc228bb761439dc6525a2966e27e

        SHA1

        cb9e8e230eb8a684dec8886a856ec54ff1d2c682

        SHA256

        b7ed6dfb6882e8ec4267d9f80cd5b1dc0a43519382fcb72ab5e74c47875c209d

        SHA512

        def98c22bad3f32ea4caceead743c0fd775cfa4f5287ad8a4728830e10b7352ccc45646e9d8cbffd7d51ae71a6bff1bca38fcefb49c0530a6b69e38edec2ffb3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\_ssl.pyd
        Filesize

        102KB

        MD5

        cc5c8eb32acb2261c42a7285d436cca9

        SHA1

        4845cde2d307e84e3076015a71f8ebc733aa71da

        SHA256

        07ea50e536886f68473635ffefcfcaa7266e63c478ef039ba100ddf02f88ce61

        SHA512

        352f3201a0f47e7741c3c9bfa207769f1afe287a9e9f4e6879d37b2a9cf7fc6ace02ebf0de1ad4a5847134bc3adfeee748f955d8d554b0f552d0e98703c6cd88

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\_tkinter.pyd
        Filesize

        56KB

        MD5

        e46970e8eb0061df01347a3723140e77

        SHA1

        207b9253e921832c75ce663112728fbb0d340699

        SHA256

        71c4545cee713f26cf2f910a08340dd519c4713b8416479f74b0b9e2683c85d5

        SHA512

        109f40466c0d09bc2606e99ac57f631df89d7490b2d8d17bf3c5e8423fb2d76f7199db1181ea0cd089a80e5b4a9018e575bf12cd0a8542d3e18617885c9a37df

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\charset_normalizer\md.pyd
        Filesize

        9KB

        MD5

        27cc5f8716ce37c834be9d61233a2685

        SHA1

        f6083f9737f7dec59d7a6063e52b8af53fe05550

        SHA256

        52a5c53f1505a252854c1c7ab13c635118bffa1b555261002bc587f6e3d42850

        SHA512

        8a29a6b3d6ba5b5ef16c6db82d57c2f4ee6b7c25bd8c593e0d5160c8f66b44f7da0560421fdac88b8879b76f4da4f412aea1c98bcfb0ea62e07f1f2d4abc9b9c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\charset_normalizer\md__mypyc.pyd
        Filesize

        100KB

        MD5

        e2fa4e72aefd808f0b99d0df625e547d

        SHA1

        b4a0fe36732d9a9d2aadbfaf3fcf59b9da0f0a6b

        SHA256

        c2ddbc95e4160914b3460af68dae3c131a42142acb74ddd3c03af23c75ce27a3

        SHA512

        dee70cae8096b931889545bb51fba650a1f6890fc67dc8f8980c5423fc798a117622bdaa00e5099c5ae77e7163b6a34788221bcb1fe33e1e01912e0b5ad7550a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\libcrypto-1_1.dll
        Filesize

        2.1MB

        MD5

        c0e55a25dd5c5447f15eed0ca6552ab7

        SHA1

        467bc011e0224df3e6b73ac3b88a97b911cc73b8

        SHA256

        9fefba93fa3300732b7e68fb3b4dbb57bf2726889772a1d0d6694a71820d71f3

        SHA512

        090b03626df2f26e485fea34f9e60a35c9d60957fbcc2db9c8396a75a2b246669451cc361eb48f070bbc051b12e40cacf2749488ebb8012ba9072d9f0b603fa6

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\libssl-1_1.dll
        Filesize

        524KB

        MD5

        5adb49cc84abd6d3c8f959ca5a146ad7

        SHA1

        90faa543515960b2d47554b86d2478105497d853

        SHA256

        f4d5df50bdf3e7304c67c81ace83263c8d0f0e28087c6104c21150bfeda86b8d

        SHA512

        bf184a25e32bea2ac7d76d303562118eaa87bb5cd735142d6aa5a1a9247290d28c45476842e22c61e47a06316595834f8c0ebb35dfc622fe2f02a1e44a91e5d8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\main.exe
        Filesize

        9.4MB

        MD5

        78d47b4cb67674294b10d844ac2f38da

        SHA1

        4b124642ca55e756cf91337aea81706eb5e1037a

        SHA256

        2b493ea96c3577bc9e4805660fb9cd3aa5ffbe0d726aa43d8626f636eda28576

        SHA512

        da4a971b3098a944cf6a3f06e8de65e082c10cffa25b82cd1c3003819dbba134bdf5297696f4df78ed96e026f17f3ee0949c5ab01f74e3bac086a1470bcf681e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\python37.dll
        Filesize

        3.4MB

        MD5

        d49eac0faa510f2b2a8934a0f4e4a46f

        SHA1

        bbe4ab5dae01817157e2d187eb2999149a436a12

        SHA256

        625ca7bb2d34a3986f77c0c5ce572a08febfcacf5050a986507e822ff694dcaa

        SHA512

        b17f3370ecd3fe90b928f4a76cbad934b80b96775297acc1181b18ede8f2c8a8301d3298bafa4402bce4138df69d4b57e00e224a4ddbb0d78bb11b217a41a312

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\select.pyd
        Filesize

        22KB

        MD5

        6a796088cd3d1b1d6590364b9372959d

        SHA1

        3de080d32b14a88a5e411a52d7b43ff261b2bf5e

        SHA256

        74d8e6a57090ba32cf7c82ad9a275351e421842d6ec94c44adbba629b1893fa7

        SHA512

        582d9a3513724cc197fd2516528bfd8337f73ae1f5206d57f683bf96367881e8d2372be100662c67993edecfbd7e2f903c0be70579806a783267b82f32abd200

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl86t.dll
        Filesize

        1.3MB

        MD5

        30195aa599dd12ac2567de0815ade5e6

        SHA1

        aa2597d43c64554156ae7cdb362c284ec19668a7

        SHA256

        e79443e9413ba9a4442ca7db8ee91a920e61ac2fb55be10a6ab9a9c81f646dbb

        SHA512

        2373b31d15b39ba950c5dea4505c3eaa2952363d3a9bd7ae84e5ea38245320be8f862dba9e9ad32f6b5a1436b353b3fb07e684b7695724a01b30f5ac7ba56e99

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl8\8.5\msgcat-1.6.1.tm
        Filesize

        33KB

        MD5

        db52847c625ea3290f81238595a915cd

        SHA1

        45a4ed9b74965e399430290bcdcd64aca5d29159

        SHA256

        4fdf70fdcedef97aa8bd82a02669b066b5dfe7630c92494a130fc7c627b52b55

        SHA512

        5a8fb4ada7b2efbf1cadd10dbe4dc7ea7acd101cb8fd0b80dad42be3ed8804fc8695c53e6aeec088c2d4c3ee01af97d148b836289da6e4f9ee14432b923c7e40

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\auto.tcl
        Filesize

        20KB

        MD5

        5e9b3e874f8fbeaadef3a004a1b291b5

        SHA1

        b356286005efb4a3a46a1fdd53e4fcdc406569d0

        SHA256

        f385515658832feb75ee4dce5bd53f7f67f2629077b7d049b86a730a49bd0840

        SHA512

        482c555a0da2e635fa6838a40377eef547746b2907f53d77e9ffce8063c1a24322d8faa3421fc8d12fdcaff831b517a65dafb1cea6f5ea010bdc18a441b38790

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\encoding\cp1252.enc
        Filesize

        1KB

        MD5

        5900f51fd8b5ff75e65594eb7dd50533

        SHA1

        2e21300e0bc8a847d0423671b08d3c65761ee172

        SHA256

        14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

        SHA512

        ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\http1.0\pkgIndex.tcl
        Filesize

        735B

        MD5

        10ec7cd64ca949099c818646b6fae31c

        SHA1

        6001a58a0701dff225e2510a4aaee6489a537657

        SHA256

        420c4b3088c9dacd21bc348011cac61d7cb283b9bee78ae72eed764ab094651c

        SHA512

        34a0acb689e430ed2903d8a903d531a3d734cb37733ef13c5d243cb9f59c020a3856aad98726e10ad7f4d67619a3af1018f6c3e53a6e073e39bd31d088efd4af

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\init.tcl
        Filesize

        23KB

        MD5

        b900811a252be90c693e5e7ae365869d

        SHA1

        345752c46f7e8e67dadef7f6fd514bed4b708fc5

        SHA256

        bc492b19308bc011cfcd321f1e6e65e6239d4eeb620cc02f7e9bf89002511d4a

        SHA512

        36b8cdba61b9222f65b055c0c513801f3278a3851912215658bcf0ce10f80197c1f12a5ca3054d8604da005ce08da8dcd303b8544706b642140a49c4377dd6ce

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\opt0.4\pkgIndex.tcl
        Filesize

        607B

        MD5

        92ff1e42cfc5fecce95068fc38d995b3

        SHA1

        b2e71842f14d5422a9093115d52f19bcca1bf881

        SHA256

        eb9925a8f0fcc7c2a1113968ab0537180e10c9187b139c8371adf821c7b56718

        SHA512

        608d436395d055c5449a53208f3869b8793df267b8476ad31bcdd9659a222797814832720c495d938e34bf7d253ffc3f01a73cc0399c0dfb9c85d2789c7f11c0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\package.tcl
        Filesize

        22KB

        MD5

        55e2db5dcf8d49f8cd5b7d64fea640c7

        SHA1

        8fdc28822b0cc08fa3569a14a8c96edca03bfbbd

        SHA256

        47b6af117199b1511f6103ec966a58e2fd41f0aba775c44692b2069f6ed10bad

        SHA512

        824c210106de7eae57a480e3f6e3a5c8fb8ac4bbf0a0a386d576d3eb2a3ac849bdfe638428184056da9e81767e2b63eff8e18068a1cf5149c9f8a018f817d3e5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\tclIndex
        Filesize

        5KB

        MD5

        e127196e9174b429cc09c040158f6aab

        SHA1

        ff850f5d1bd8efc1a8cb765fe8221330f0c6c699

        SHA256

        abf7d9d1e86de931096c21820bfa4fd70db1f55005d2db4aa674d86200867806

        SHA512

        c4b98ebc65e25df41e6b9a93e16e608cf309fa0ae712578ee4974d84f7f33bcf2a6ed7626e88a343350e13da0c5c1a88e24a87fcbd44f7da5983bb3ef036a162

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tcl\tm.tcl
        Filesize

        11KB

        MD5

        f9ed2096eea0f998c6701db8309f95a6

        SHA1

        bcdb4f7e3db3e2d78d25ed4e9231297465b45db8

        SHA256

        6437bd7040206d3f2db734fa482b6e79c68bcc950fba80c544c7f390ba158f9b

        SHA512

        e4fb8f28dc72ea913f79cedf5776788a0310608236d6607adc441e7f3036d589fd2b31c446c187ef5827fd37dcaa26d9e94d802513e3bf3300e94dd939695b30

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\button.tcl
        Filesize

        20KB

        MD5

        309ab5b70f664648774453bccbe5d3ce

        SHA1

        51bf685dedd21de3786fe97bc674ab85f34bd061

        SHA256

        0d95949cfacf0df135a851f7330acc9480b965dac7361151ac67a6c667c6276d

        SHA512

        d5139752bd7175747a5c912761916efb63b3c193dd133ad25d020a28883a1dea6b04310b751f5fcbe579f392a8f5f18ae556116283b3e137b4ea11a2c536ec6b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\entry.tcl
        Filesize

        16KB

        MD5

        be28d16510ee78ecc048b2446ee9a11a

        SHA1

        4829d6e8ab8a283209fb4738134b03b7bd768bad

        SHA256

        8f57a23c5190b50fad00bdee9430a615ebebfc47843e702374ae21beb2ad8b06

        SHA512

        f56af7020531249bc26d88b977baffc612b6566146730a681a798ff40be9ebc04d7f80729bafe0b9d4fac5b0582b76f9530f3fe376d42a738c9bc4b3b442df1f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\icons.tcl
        Filesize

        10KB

        MD5

        2652aad862e8fe06a4eedfb521e42b75

        SHA1

        ed22459ad3d192ab05a01a25af07247b89dc6440

        SHA256

        a78388d68600331d06bb14a4289bc1a46295f48cec31ceff5ae783846ea4d161

        SHA512

        6ecfbb8d136444a5c0dbbce2d8a4206f1558bdd95f111d3587b095904769ac10782a9ea125d85033ad6532edf3190e86e255ac0c0c81dc314e02d95cca86b596

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\listbox.tcl
        Filesize

        14KB

        MD5

        c33963d3a512f2e728f722e584c21552

        SHA1

        75499cfa62f2da316915fada2580122dc3318bad

        SHA256

        39721233855e97bfa508959b6dd91e1924456e381d36fdfc845e589d82b1b0cc

        SHA512

        ea01d8cb36d446ace31c5d7e50dfae575576fd69fd5d413941eebba7ccc1075f6774af3c69469cd7baf6e1068aa5e5b4c560f550edd2a8679124e48c55c8e8d7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\menu.tcl
        Filesize

        37KB

        MD5

        181ed74919f081eeb34269500e228470

        SHA1

        953eb429f6d98562468327858ed0967bdc21b5ad

        SHA256

        564ac0040176cc5744e3860abc36b5ffbc648da20b26a710dc3414eae487299b

        SHA512

        220e496b464575115baf1dede838e70d5ddd6d199b5b8acc1763e66d66801021b2d7cd0e1e1846868782116ad8a1f127682073d6eacd7e73f91bced89f620109

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\panedwindow.tcl
        Filesize

        5KB

        MD5

        2da0a23cc9d6fd970fe00915ea39d8a2

        SHA1

        dfe3dc663c19e9a50526a513043d2393869d8f90

        SHA256

        4adf738b17691489c71c4b9d9a64b12961ada8667b81856f7adbc61dffeadf29

        SHA512

        b458f3d391df9522d4e7eae8640af308b4209ce0d64fd490bfc0177fde970192295c1ea7229ce36d14fc3e582c7649460b8b7b0214e0ff5629b2b430a99307d4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\pkgIndex.tcl
        Filesize

        363B

        MD5

        a6448af2c8fafc9a4f42eaca6bf6ab2e

        SHA1

        0b295b46b6df906e89f40a907022068bc6219302

        SHA256

        cd44ee7f76c37c0c522bd0cfca41c38cdeddc74392b2191a3af1a63d9d18888e

        SHA512

        5b1a8ca5b09b7281de55460d21d5195c4ee086bebdc35fa561001181490669ffc67d261f99eaa900467fe97e980eb733c5ffbf9d8c541ede18992bf4a435c749

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\scale.tcl
        Filesize

        7KB

        MD5

        1ce32cdaeb04c75bfceea5fb94b8a9f0

        SHA1

        cc7614c9eade999963ee78b422157b7b0739894c

        SHA256

        58c662dd3d2c653786b05aa2c88831f4e971b9105e4869d866fb6186e83ed365

        SHA512

        1ee5a187615ae32f17936931b30fea9551f9e3022c1f45a2bca81624404f4e68022fcf0b03fbd61820ec6958983a8f2fbfc3ad2ec158433f8e8de9b8fcf48476

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\scrlbar.tcl
        Filesize

        12KB

        MD5

        4cbffc4e6b3f56a5890e3f7c31c6c378

        SHA1

        75db5205b311f55d1ca1d863b8688a628bf6012a

        SHA256

        6ba3e2d62bd4856d7d7ae87709fcaa23d81efc38c375c6c5d91639555a84c35d

        SHA512

        65df7ae09e06c200a8456748dc89095bb8417253e01ec4fdafb28a84483147ddc77aaf6b49be9e18a326a94972086a99044bee3ce5cf8026337dfc6972c92c04

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\spinbox.tcl
        Filesize

        15KB

        MD5

        9971530f110ac2fb7d7ec91789ea2364

        SHA1

        ab553213c092ef077524ed56fc37da29404c79a7

        SHA256

        5d6e939b44f630a29c4fcb1e2503690c453118607ff301bef3c07fa980d5075a

        SHA512

        81b4cec39b03fbeca59781aa54960f0a10a09733634f401d5553e1aaa3ebf12a110c9d555946fcdd70a9cc897514663840745241ad741dc440bb081a12dcf411

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\text.tcl
        Filesize

        32KB

        MD5

        03cc27e28e0cfce1b003c3e936797ab0

        SHA1

        c7fe5ae7f35c86ec3724f6a111eaaf2c1a18abe9

        SHA256

        bccc1039f0eb331c4bb6bd5848051bb745f242016952723478c93b009f63d254

        SHA512

        5091b10ee8446e6853ef7060ec13ab8cada0d6448f9081febd07546c061f69fc273bbf23ba7af05d8359e618dd68a5c27f0453480fe3f26e744db19bfcd115c7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\tk.tcl
        Filesize

        22KB

        MD5

        3250ec5b2efe5bbe4d3ec271f94e5359

        SHA1

        6a0fe910041c8df4f3cdc19871813792e8cc4e4c

        SHA256

        e1067a0668debb2d8e8ec3b7bc1aec3723627649832b20333f9369f28e4dfdbf

        SHA512

        f8e403f3d59d44333bce2aa7917e6d8115bec0fe5ae9a1306f215018b05056467643b7aa228154ddced176072bc903dfb556cb2638f5c55c1285c376079e8fe3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\ttk\cursors.tcl
        Filesize

        3KB

        MD5

        74596004dfdbf2ecf6af9c851156415d

        SHA1

        933318c992b705bf9f8511621b4458ecb8772788

        SHA256

        7bdffa1c2692c5d1cf67b518f9acb32fa4b4d9936ed076f4db835943bc1a00d6

        SHA512

        0d600b21db67bf9dadbdd49559573078efb41e473e94124ac4d2551bc10ec764846dc1f7674daa79f8d2a8aeb4ca27a5e11c2f30ede47e3ecee77d60d7842262

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\ttk\fonts.tcl
        Filesize

        5KB

        MD5

        7017b5c1d53f341f703322a40c76c925

        SHA1

        57540c56c92cc86f94b47830a00c29f826def28e

        SHA256

        0eb518251fbe9cf0c9451cc1fef6bb6aee16d62da00b0050c83566da053f68d0

        SHA512

        fd18976a8fbb7e59b12944c2628dbd66d463b2f7342661c8f67160df37a393fa3c0ce7fdda31073674b7a46e0a0a7d0a7b29ebe0d9488afd9ef8b3a39410b5a8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\tk\ttk\ttk.tcl
        Filesize

        4KB

        MD5

        e38b399865c45e49419c01ff2addce75

        SHA1

        f8a79cbc97a32622922d4a3a5694bccb3f19decb

        SHA256

        61baa0268770f127394a006340d99ce831a1c7ad773181c0c13122f7d2c5b7f6

        SHA512

        285f520b648f5ec70dd79190c3b456f4d6da2053210985f9e2c84139d8d51908296e4962b336894ee30536f09fae84b912bc2abf44a7011620f66cc5d9f71a8c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\unicodedata.pyd
        Filesize

        1.0MB

        MD5

        e176f984d22f031098d700b7f1892378

        SHA1

        52842cdd08a3745756054b2278952e036031f5d9

        SHA256

        46876fc52f1529c2633372d8e2cea5b08b5a8582f8645cfad8f5ff8128a7f575

        SHA512

        b9ca5c965bf6b09cd05994340bfc8d006b64c78f0478cc58dffcb2932a4b54f92bc31c34bcbd0692b60adc7d3a31f8a156a2bc84d77379d900926d1e42b181b3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\vcruntime140.dll
        Filesize

        84KB

        MD5

        ae96651cfbd18991d186a029cbecb30c

        SHA1

        18df8af1022b5cb188e3ee98ac5b4da24ac9c526

        SHA256

        1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

        SHA512

        42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\onefile_4708_133880720463723205\zstandard\backend_c.pyd
        Filesize

        571KB

        MD5

        04e65b54f8436341fc740bb09b52cce5

        SHA1

        f61d6682d3303a8afbd02e4f6fafdeece264dbd3

        SHA256

        81a30e89aa9d18a081404622055b1ecac88290032ec4dbf06f610af66e40c68c

        SHA512

        f17655fff9f02de2a59f46778219cc613b183aa6fa42e81c7479b493f7f709990493a3a53817b6598838a891c221c40b1bbcf62b230dade33c1f0847da7f24fb

        Download Submit

      • memory/4708-1005-0x0000000000EE0000-0x0000000001633000-memory.dmp

        Filesize

        7.3MB

        Download

      • memory/4888-1006-0x00000000002A0000-0x0000000000C20000-memory.dmp

        Filesize

        9.5MB

        Download

      • memory/4888-10253-0x00000000002A0000-0x0000000000C20000-memory.dmp

        Filesize

        9.5MB

        Download

      • memory/4888-16840-0x00000000002A0000-0x0000000000C20000-memory.dmp

        Filesize

        9.5MB

        Download

      • memory/4888-25073-0x00000000002A0000-0x0000000000C20000-memory.dmp

        Filesize

        9.5MB

        Download

      • memory/4888-31545-0x00000000002A0000-0x0000000000C20000-memory.dmp

        Filesize

        9.5MB

        Download