Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

64d466a988...27.exe

windows7-x64

10

64d466a988...27.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    20s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627.exe

  • Size

    234KB

  • MD5

    69449d731033652095164c586762b548

  • SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

  • SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

  • SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

  • SSDEEP

    3072:k9wShh9nsKHcQZYxIs1T+Z3edjHDN4HZ4s8ENObhb5npLdnUInuy+iMS3h0qmeE:kThh9sKHRFnWs8ENOblJUIurS3h0qe

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 4 IoCs
    persistence
  • Modifies system executable filetype association 2 TTPs 4 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 4 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 4 IoCs
    evasion
  • Windows security bypass 2 TTPs 12 IoCs
    evasiontrojan
  • Disables use of System Restore points 1 TTPs
    evasion
  • Executes dropped EXE 12 IoCs
  • Sets file execution options in registry 2 TTPs 32 IoCs
    persistence
  • Windows security modification 2 TTPs 16 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 20 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 21 IoCs
  • Drops file in Windows directory 57 IoCs
  • Modifies registry class 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 4 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs
  • System policy modification 1 TTPs 8 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627.exe
    "C:\Users\Admin\AppData\Local\Temp\64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies system executable filetype association
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Windows security bypass
    • Sets file execution options in registry
    • Windows security modification
    • Adds Run key to start application
    • Enumerates connected drives
    • Modifies WinLogon
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:5080
    • C:\Windows\system\lsass.exe
      C:\Windows\system\lsass.exe
      2⤵
      • Modifies WinLogon for persistence
      • Modifies system executable filetype association
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Executes dropped EXE
      • Sets file execution options in registry
      • Windows security modification
      • Adds Run key to start application
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:4780
      • C:\Windows\system\lsass.exe
        C:\Windows\system\lsass.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:556
      • C:\Windows\system\smss.exe
        C:\Windows\system\smss.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2092
      • C:\Windows\system\svchost.exe
        C:\Windows\system\svchost.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1792
    • C:\Windows\system\smss.exe
      C:\Windows\system\smss.exe
      2⤵
      • Modifies WinLogon for persistence
      • Modifies system executable filetype association
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Executes dropped EXE
      • Sets file execution options in registry
      • Windows security modification
      • Adds Run key to start application
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:5036
      • C:\Windows\system\lsass.exe
        C:\Windows\system\lsass.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4752
      • C:\Windows\system\smss.exe
        C:\Windows\system\smss.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3872
      • C:\Windows\system\svchost.exe
        C:\Windows\system\svchost.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2664
    • C:\Windows\system\svchost.exe
      C:\Windows\system\svchost.exe
      2⤵
      • Modifies WinLogon for persistence
      • Modifies system executable filetype association
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Executes dropped EXE
      • Sets file execution options in registry
      • Windows security modification
      • Adds Run key to start application
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2132
      • C:\Windows\system\lsass.exe
        C:\Windows\system\lsass.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:112
      • C:\Windows\system\smss.exe
        C:\Windows\system\smss.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1260
      • C:\Windows\system\svchost.exe
        C:\Windows\system\svchost.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2736

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\WINDOWS.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\.exe
    Filesize

    234KB

    MD5

    ed99909915c1add72925c1071cf9162c

    SHA1

    c930e739b406b5420b458920ee455a8b7687d45c

    SHA256

    c4c3386852b42e609f30e7f56393bc0358daf586805d8809b67b1ca1b4a91a5f

    SHA512

    6d611cf9a2df4a153b0971324d63a6bdc013a297106601a9a0113995c1c2dda54957198b0a1a79202c7d5fcfda9cbc1f9d22a70154a56e01a8bf3be1a0c8323f

    Download Submit

  • C:\Windows\.exe
    Filesize

    234KB

    MD5

    94dce36930b426221c1dd1b382a4447e

    SHA1

    8ca8b72952135af9bb21a4d082747e9565f04627

    SHA256

    281897e01a508d7729ee833d7d5f80c1f5a546bd74f5e75a75be907329ace401

    SHA512

    bfcbc82fcc4b6b92b4805cdebb583ea85eec453ceb6a5fda19bda38f297390df356ae81372ec16e8cf45c0544f85d5d9a259f483c763ac8147ec59cd0ac0040f

    Download Submit

  • C:\Windows\.exe
    Filesize

    234KB

    MD5

    1bd3a77934134f76abfd7c75605027de

    SHA1

    08c5969ec16eb0736fc156087b341683f875a0ea

    SHA256

    c8c360be42511f35f981b018f8752415d274b6a1abcd8dc1410ab1951015d229

    SHA512

    6403891669f135eb87ef337d481a4ee24d7f75eeec7b17972cea6b28c5a1a932a57ebbbecd6c59afe059eeb730bc787da38531e201a2cdbb7cde89495c9866c7

    Download Submit

  • C:\Windows\ActiveX.exe
    Filesize

    234KB

    MD5

    4bac613f7a7192cd7cf5b88a8046118a

    SHA1

    6c57d43d4b585e0675345afc0b4ebf8208908359

    SHA256

    48ea50216b01c8cab6f712b38b2f38901c1ce516c3a867d84cd51a63c749318c

    SHA512

    8cfc3c910585cf461b51a050baece79ea51caa381d3b8f5c3bf1df0893a4520dff92adaa853e978082afa664535f6f78789ffc2d30ccc9719866a825f5ce3f78

    Download Submit

  • C:\Windows\ActiveX.exe
    Filesize

    234KB

    MD5

    72de6a378317c76785de5df348e90a0a

    SHA1

    7d1626144c9c01ff0266907eb061b27aa25d6873

    SHA256

    1b9ff8c002ec093f538308a6072b7ea510a8565287c42d020828ffc7ceb1bf51

    SHA512

    bc6dcec55985fd68944486e1e9bef4eda2925903d82d53b750d6f598927f2442b0501e74d889631490f66f2fbf8ad00f56fc8cea7e8f5fe4e8b46c534de9a823

    Download Submit

  • C:\Windows\ActiveX.exe
    Filesize

    234KB

    MD5

    0c37ac37bd68018e266abb34dc0aaa88

    SHA1

    889708c6082560961da8161bab82d7f703b38cda

    SHA256

    17e00982b137050c055ff605f8c4eb54d6cadd54f95a8d35ae646b454eeb399a

    SHA512

    034caf21729d56297e337303446387f09864fcefe584418128c7893e08b9e3fc31f32f9daefd50e159662528f8a0db89edadb724154e515fd8478635d548999f

    Download Submit

  • C:\Windows\SysWOW64\Oeminfo.ini
    Filesize

    106B

    MD5

    67fa4fca4bfa3de3aa2f9a7cf1b1df56

    SHA1

    beb76e7eace2503011d87c325a54c2a80420f84f

    SHA256

    cd7dfd7f48a4a8294808196e5870d541603c6cc3a686c8aca2423993f789b62e

    SHA512

    fe96f45ec32dbb982760421d9fc21c520cd9c8c8aefa994babbea6f3fa09a28f8a811d7385dc31f2abec53b48569d7a5632f08131e66bd3e32745ca0b0a6962d

    Download Submit

  • C:\Windows\SysWOW64\Oeminfo.ini
    Filesize

    106B

    MD5

    67fa4fca4bfa3de3aa2f9a7cf1b1df56

    SHA1

    beb76e7eace2503011d87c325a54c2a80420f84f

    SHA256

    cd7dfd7f48a4a8294808196e5870d541603c6cc3a686c8aca2423993f789b62e

    SHA512

    fe96f45ec32dbb982760421d9fc21c520cd9c8c8aefa994babbea6f3fa09a28f8a811d7385dc31f2abec53b48569d7a5632f08131e66bd3e32745ca0b0a6962d

    Download Submit

  • C:\Windows\SysWOW64\Oeminfo.ini
    Filesize

    106B

    MD5

    67fa4fca4bfa3de3aa2f9a7cf1b1df56

    SHA1

    beb76e7eace2503011d87c325a54c2a80420f84f

    SHA256

    cd7dfd7f48a4a8294808196e5870d541603c6cc3a686c8aca2423993f789b62e

    SHA512

    fe96f45ec32dbb982760421d9fc21c520cd9c8c8aefa994babbea6f3fa09a28f8a811d7385dc31f2abec53b48569d7a5632f08131e66bd3e32745ca0b0a6962d

    Download Submit

  • C:\Windows\SysWOW64\_default.pif
    Filesize

    234KB

    MD5

    c5b05eab662795e055bef89d66c244ed

    SHA1

    5249b7ef0a6e7894b8e69c0c7a6b5ac8c2419015

    SHA256

    c98f29326aace5d6de5c788cdbfbc386e91f4baa8d00e577245b3b7c30057274

    SHA512

    1b1ea45e671915cb3431fed8b5225418b60728b067c916c4b06234d80b7aa9538a72fc49759c9c8649e174a1524afee3d116d9820ef0ce1f5a54e52627e69817

    Download Submit

  • C:\Windows\SysWOW64\_default.pif
    Filesize

    234KB

    MD5

    5db54f1a84318bce1a6743cc87573c6e

    SHA1

    8fb823a98efa431fac2760b291f7b0267473a0ee

    SHA256

    e42bd5200b9a0cafe8daa079b8dea0b9c0a477b55547062fed05feed738079ae

    SHA512

    f94ff00d1664f8fab25e6b88c4afac7abce347fb5ab9aeb469104382f68c3eff77ba9284cb2734614e285bc8ffd95340a57962fc896ea976d1b08a9f2ab73824

    Download Submit

  • C:\Windows\SysWOW64\_default.pif
    Filesize

    234KB

    MD5

    5db54f1a84318bce1a6743cc87573c6e

    SHA1

    8fb823a98efa431fac2760b291f7b0267473a0ee

    SHA256

    e42bd5200b9a0cafe8daa079b8dea0b9c0a477b55547062fed05feed738079ae

    SHA512

    f94ff00d1664f8fab25e6b88c4afac7abce347fb5ab9aeb469104382f68c3eff77ba9284cb2734614e285bc8ffd95340a57962fc896ea976d1b08a9f2ab73824

    Download Submit

  • C:\Windows\SysWOW64\copy.pif
    Filesize

    234KB

    MD5

    840edf195206f0ba94470606c7d34fc2

    SHA1

    70b687f04ddfbb0b6c364f08860a6a59bbc64aad

    SHA256

    22bd1b0004158b6dff980228c2b687e568a1d827429359f8262ac1ac3d31027a

    SHA512

    3bc10f01c3fad99857cfec811e03a376cb9c90d7c2148e212cfa3511a880839bd2490011ccc48c97cbd2eaa8edb0564c3386594b67c69e5ecf4be47e8614a2e3

    Download Submit

  • C:\Windows\SysWOW64\copy.pif
    Filesize

    234KB

    MD5

    c7cf60f99ef6257bfac26819351acba7

    SHA1

    04958acfa01f49b59e73ea1132ff5088ae51ae0c

    SHA256

    3003e18ffdddf7ca8a9a545aa72f8e8c02970d6b73079b6ebe1f65b1d486cf10

    SHA512

    54ecef9d64678634ced1adc36f2ecb31cb0852452cd60c36d3d2788c2f33419f5ffdba61b8c34fb9f33504529160291a6237426e7a9ef8d8ec39f8ae3f7553a5

    Download Submit

  • C:\Windows\SysWOW64\copy.pif
    Filesize

    234KB

    MD5

    c7cf60f99ef6257bfac26819351acba7

    SHA1

    04958acfa01f49b59e73ea1132ff5088ae51ae0c

    SHA256

    3003e18ffdddf7ca8a9a545aa72f8e8c02970d6b73079b6ebe1f65b1d486cf10

    SHA512

    54ecef9d64678634ced1adc36f2ecb31cb0852452cd60c36d3d2788c2f33419f5ffdba61b8c34fb9f33504529160291a6237426e7a9ef8d8ec39f8ae3f7553a5

    Download Submit

  • C:\Windows\SysWOW64\surif.bin
    Filesize

    234KB

    MD5

    c594edbc07fd3742708eafa00ae53a93

    SHA1

    e1bc25d6fbb4cb74694c81a693651faa3be51382

    SHA256

    bf0e796fe5e4fe19b73070fb3e18632ac34367e7adafd5a87e140e22e9eac751

    SHA512

    af74b43bac9f818efcdbf046017bf7388b15795a3fc885a6e1ac882b6a0846fb54af0b4d811a86441c7fed04b5d143c7fbe82ee97852b7897ac606905fd9f20a

    Download Submit

  • C:\Windows\SysWOW64\surif.bin
    Filesize

    234KB

    MD5

    546bc3f528aa5859bcb7cb9c2f980605

    SHA1

    38da1d1919d00b24b7944273e090050b0d9b5783

    SHA256

    4d47491fac60ce04200261a6d1c83ed641fe65c5a28f2b9e2108144b7a82b478

    SHA512

    1c294645b79fcafe5101a16665d5a476430c10247fc7cc3b3b84f2aa639cc55c45d479d9987567dddc6d851cff53297d940f21bb549fb745df48e59b07d0eb6a

    Download Submit

  • C:\Windows\SysWOW64\surif.bin
    Filesize

    234KB

    MD5

    e87008b821a79a0296c7d32ff962eec8

    SHA1

    176d82772cd26ad8dc0b58b65844e60f30b1cfb4

    SHA256

    f8ebe7a3a8f9416edf3204d5eba68b23a95828242f3ac44546006db219ae0660

    SHA512

    f1e19194f7f3d5a2f85d9bfb55fa55ebfc8278cd90e523597d26dd6372127eb6181e6e15c5b32e4cf501634e36b3eef4faddaa515322f745d6f458920a33b9d3

    Download Submit

  • C:\Windows\System\lsass.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\lsass.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\lsass.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\lsass.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\smss.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\smss.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\smss.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\smss.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\svchost.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\svchost.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\svchost.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\System\svchost.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\system\csrss.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\system\lsass.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\system\smss.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\system\svchost.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\system\winlogon.exe
    Filesize

    234KB

    MD5

    69449d731033652095164c586762b548

    SHA1

    143e824c2032d2e51ed0b3412e6b8e5239c7e87f

    SHA256

    64d466a98837693bac1ac7dbc60392979431d6e210e0d6c4b42db62e8c6cf627

    SHA512

    cbaeb2424779f74cc4e9beac6736c2203e9355daef18b104a69891b4ff21764968d1579603b814aab95dd3be3d49699a1a1d052c6dc4e482a56138f04421d547

    Download Submit

  • C:\Windows\win32.exe
    Filesize

    234KB

    MD5

    8f2019a565987246e2415731ebc93f04

    SHA1

    c7128fd0d550d56d52284c147117e8586dbe57f7

    SHA256

    c1bf61c435a53ada7dc888cc44a531f21bbb31073e0d970e8bfd1a69d170ce9c

    SHA512

    b0fb0f1127e9c2be5c7bafa4c7f141ac7bac98391e5e933b836b6abb3b9bcd470e50a434e3b33b1ab43aa13c5ff4988f4131e0f1247f44279f82eeb09ef2030c

    Download Submit

  • C:\Windows\win32.exe
    Filesize

    234KB

    MD5

    a0d09225ecec2c7334158c5f6c76beb5

    SHA1

    26e1fc0501b36444b577763e25f14bacabbadf43

    SHA256

    df16008cf87048fba97ede2a73a992559e99bc3533b400ee3735d106fad38ef5

    SHA512

    1c0c77fc264150303220fcea631342544ba5a5e0c491e8a935ae63b61b6cd9845147925e85872ce1720bf4ea8c8c70b5747133b163b86e79a1f14b4795ea25cd

    Download Submit

  • C:\Windows\win32.exe
    Filesize

    234KB

    MD5

    a0d09225ecec2c7334158c5f6c76beb5

    SHA1

    26e1fc0501b36444b577763e25f14bacabbadf43

    SHA256

    df16008cf87048fba97ede2a73a992559e99bc3533b400ee3735d106fad38ef5

    SHA512

    1c0c77fc264150303220fcea631342544ba5a5e0c491e8a935ae63b61b6cd9845147925e85872ce1720bf4ea8c8c70b5747133b163b86e79a1f14b4795ea25cd

    Download Submit

  • C:\baca euy.txt
    Filesize

    4B

    MD5

    0ae9bcd0c0b0aa5aab99d84beca26ce8

    SHA1

    95ae2add76d30dc377e774ec0d5abc17a7832865

    SHA256

    91a4e2f100227487a802ac040b85700f03520b347fbfe4c23b7bf2d97b43d9fa

    SHA512

    2e5bce2521d799135a10bb14cc127a0f794d8cdd2bcd97ed90a7f2d4279f72abaf45a58daf7635472b3d845db21f13f03708fc40f89b1963c8344a89df2b3bd0

    Download Submit

  • C:\baca euy.txt
    Filesize

    4B

    MD5

    0ae9bcd0c0b0aa5aab99d84beca26ce8

    SHA1

    95ae2add76d30dc377e774ec0d5abc17a7832865

    SHA256

    91a4e2f100227487a802ac040b85700f03520b347fbfe4c23b7bf2d97b43d9fa

    SHA512

    2e5bce2521d799135a10bb14cc127a0f794d8cdd2bcd97ed90a7f2d4279f72abaf45a58daf7635472b3d845db21f13f03708fc40f89b1963c8344a89df2b3bd0

    Download Submit

  • C:\baca euy.txt
    Filesize

    4B

    MD5

    0ae9bcd0c0b0aa5aab99d84beca26ce8

    SHA1

    95ae2add76d30dc377e774ec0d5abc17a7832865

    SHA256

    91a4e2f100227487a802ac040b85700f03520b347fbfe4c23b7bf2d97b43d9fa

    SHA512

    2e5bce2521d799135a10bb14cc127a0f794d8cdd2bcd97ed90a7f2d4279f72abaf45a58daf7635472b3d845db21f13f03708fc40f89b1963c8344a89df2b3bd0

    Download Submit

  • memory/112-203-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/556-181-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1792-192-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2092-187-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2132-171-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2132-225-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2664-220-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2736-221-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4780-167-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4780-223-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/5036-224-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/5036-168-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/5080-134-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/5080-222-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download