Analysis

  • max time kernel
    300s
  • max time network
    220s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
  • submitted
    25/09/2023, 01:36

General

  • Target

    33b2efc76e607b0fc8fb6e55df7513a74a0cc9093aac3a82ede71b005b550149.exe

  • Size

    239KB

  • MD5

    de2364fd870a52180658d8682b9a3dae

  • SHA1

    5f8509e9cac42cbc598b3482d9f8d7ae8852a26e

  • SHA256

    33b2efc76e607b0fc8fb6e55df7513a74a0cc9093aac3a82ede71b005b550149

  • SHA512

    62a849335c1e1cf3c97a689857a5e62b65c674da78b159b97cba487d899ddc22c5de9489130886f8044c21838692acdfc311544146d3755aef9527b3d7b74a7b

  • SSDEEP

    6144:AQ46fuYXChoQTjlFgLuCY1dRuAOiaS7Tw8y0:AhYzXChdTbv1bubETw8y

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33b2efc76e607b0fc8fb6e55df7513a74a0cc9093aac3a82ede71b005b550149.exe
    "C:\Users\Admin\AppData\Local\Temp\33b2efc76e607b0fc8fb6e55df7513a74a0cc9093aac3a82ede71b005b550149.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:1748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 52
      2⤵
      • Program crash
      PID:2576
  • C:\Windows\system32\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\43B4.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1980 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2900
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {F0AABFF7-5CEB-4CAB-BB75-010CA638E3E1} S-1-5-21-607259312-1573743425-2763420908-1000:NGTQGRML\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Users\Admin\AppData\Roaming\scrcduv
      C:\Users\Admin\AppData\Roaming\scrcduv
      2⤵
      • Executes dropped EXE
      PID:2204

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pucq4vc\imagestore.dat

          Filesize

          4KB

          MD5

          241d3e99f608ef02a4c71e388334fc38

          SHA1

          7cdc5e465ecd7070af4925fb7a2531974350bbb3

          SHA256

          7d85a40a59d8163183ca71ff79737f77d306585880b7748dfbf4c4c8aa0ea9c0

          SHA512

          58bac791e7d21bc2fef46af779aa704265f2cba82ad07226754c21bd9861881904c1b921ad088ae0549725ac6b14dbefb7fe7b131d15d454671915636f64020e

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8E7WD55\hLRJ1GG_y0J[1].ico

          Filesize

          4KB

          MD5

          8cddca427dae9b925e73432f8733e05a

          SHA1

          1999a6f624a25cfd938eef6492d34fdc4f55dedc

          SHA256

          89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62

          SHA512

          20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

        • C:\Users\Admin\AppData\Local\Temp\43B4.bat

          Filesize

          79B

          MD5

          403991c4d18ac84521ba17f264fa79f2

          SHA1

          850cc068de0963854b0fe8f485d951072474fd45

          SHA256

          ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

          SHA512

          a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

        • C:\Users\Admin\AppData\Local\Temp\Cab477C.tmp

          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

        • C:\Users\Admin\AppData\Local\Temp\Tar47FD.tmp

          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

        • C:\Users\Admin\AppData\Roaming\scrcduv

          Filesize

          96KB

          MD5

          7825cad99621dd288da81d8d8ae13cf5

          SHA1

          f3e1ab0c8e4f22e718cdeb6fa5faa87b0e61e73c

          SHA256

          529088553fe9cb3e497ef704ce9bc7bc07630f6ddfad44afb92acfe639789ec5

          SHA512

          2e81251a2c140a96f681fa95d82eee531b391e2654daa90da08d1dd00f13cba949136d465a2dc37507d40b4a708b6fc695baa716f19737591b1a89bd2a4b60b4

        • memory/1228-7-0x0000000002C60000-0x0000000002C76000-memory.dmp

          Filesize

          88KB

        • memory/1748-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/1748-5-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/1748-6-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/1748-8-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/1748-4-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

        • memory/1748-2-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB