16586723070ea584d329bf3019e5c56b286fb796a00c45c8f166abd6657b758f

Analysis

max time kernel
145s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

027da5fafd10dad06435034ea4b7b388.exe
Size

829KB
MD5

027da5fafd10dad06435034ea4b7b388
SHA1

4d107b05a86a224e2503bcf258649ed6a6191a60
SHA256

16586723070ea584d329bf3019e5c56b286fb796a00c45c8f166abd6657b758f
SHA512

c4d32091a3975db287832202e90ce8d3d54d7e9ed0722e7c31c2d28bf23ae8af0e17efd6e5345ebd6976b66d9b29346fea4b039304dabf76a3a9b3f51ec9b13d
SSDEEP

12288:FNmVU5tEcWv6CtPcPIno6xkmITN4K9pe0tp2/dJ05tR5iCcuqKAff0UJWsQi:FWU4Rv/BWGo6xkv4K9oJ05t64SXJWRi

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000b00000001225f-4.dat	acprotect
behavioral1/files/0x000b00000001225f-81.dat	acprotect
behavioral1/files/0x000b00000001225f-98.dat	acprotect
behavioral1/files/0x000b00000001225f-93.dat	acprotect
behavioral1/files/0x000b00000001225f-80.dat	acprotect

Executes dropped EXE 3 IoCs

pid	Process
2900	lyb.exe
2948	lyb.exe
2424	lyb.exe

Loads dropped DLL 18 IoCs

pid	Process
1996	027da5fafd10dad06435034ea4b7b388.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
2900	lyb.exe
2900	lyb.exe
2900	lyb.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
1996	027da5fafd10dad06435034ea4b7b388.exe
2948	lyb.exe
2948	lyb.exe
2948	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	lyb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	lyb.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1996	027da5fafd10dad06435034ea4b7b388.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe
2424	lyb.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2900	lyb.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1996	027da5fafd10dad06435034ea4b7b388.exe
2948	lyb.exe
2948	lyb.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2900	1996	027da5fafd10dad06435034ea4b7b388.exe	29
PID 1996 wrote to memory of 2900	1996	027da5fafd10dad06435034ea4b7b388.exe	29
PID 1996 wrote to memory of 2900	1996	027da5fafd10dad06435034ea4b7b388.exe	29
PID 1996 wrote to memory of 2900	1996	027da5fafd10dad06435034ea4b7b388.exe	29
PID 1996 wrote to memory of 2900	1996	027da5fafd10dad06435034ea4b7b388.exe	29
PID 1996 wrote to memory of 2900	1996	027da5fafd10dad06435034ea4b7b388.exe	29
PID 1996 wrote to memory of 2900	1996	027da5fafd10dad06435034ea4b7b388.exe	29
PID 1996 wrote to memory of 2948	1996	027da5fafd10dad06435034ea4b7b388.exe	31
PID 1996 wrote to memory of 2948	1996	027da5fafd10dad06435034ea4b7b388.exe	31
PID 1996 wrote to memory of 2948	1996	027da5fafd10dad06435034ea4b7b388.exe	31
PID 1996 wrote to memory of 2948	1996	027da5fafd10dad06435034ea4b7b388.exe	31
PID 1996 wrote to memory of 2948	1996	027da5fafd10dad06435034ea4b7b388.exe	31
PID 1996 wrote to memory of 2948	1996	027da5fafd10dad06435034ea4b7b388.exe	31
PID 1996 wrote to memory of 2948	1996	027da5fafd10dad06435034ea4b7b388.exe	31
PID 1996 wrote to memory of 2424	1996	027da5fafd10dad06435034ea4b7b388.exe	30
PID 1996 wrote to memory of 2424	1996	027da5fafd10dad06435034ea4b7b388.exe	30
PID 1996 wrote to memory of 2424	1996	027da5fafd10dad06435034ea4b7b388.exe	30
PID 1996 wrote to memory of 2424	1996	027da5fafd10dad06435034ea4b7b388.exe	30
PID 1996 wrote to memory of 2424	1996	027da5fafd10dad06435034ea4b7b388.exe	30
PID 1996 wrote to memory of 2424	1996	027da5fafd10dad06435034ea4b7b388.exe	30
PID 1996 wrote to memory of 2424	1996	027da5fafd10dad06435034ea4b7b388.exe	30

C:\Users\Admin\AppData\Local\Temp\027da5fafd10dad06435034ea4b7b388.exe
"C:\Users\Admin\AppData\Local\Temp\027da5fafd10dad06435034ea4b7b388.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe
  "C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe" /ShowDeskTop
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:2900
- C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe
  "C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe" /setupsucc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe
  "C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe" /autorun /setuprun
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hkl674B.tmp

Filesize
156KB

MD5
5092c9f0188ced338640729a6ee79ecc

SHA1
f0223af7073557cf3a44fc28f10b1a36fee6f19a

SHA256
f26f199fc982191d9553d5e87184f1c9f0f0f2ab24a04c0216910b1b75849d12

SHA512
3dfeead3896eb33f08657c9b4f4514ad1fa7310ecfac19cb0db88a0b53d00d754325cefc36edaf00c65871dbd70163280046e55ed7ccf4b1680bab41e0ee1213

Download Submit
C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lander.ini

Filesize
383B

MD5
bf9bae790c9309c39b6f22c3a854f2eb

SHA1
ba52ad33cc7640a962b4da5dded9f1da2ae7b5f8

SHA256
4418d615142c11ee8ebadaf29364712d00c9a2638882776fd05a83d4093d8bb5

SHA512
558324c9c8234e4b57222fcd978fd15d8501452e30f5471d65775068375ea02ca950060af09e8f6eb7bf77322b6bfcf245335d4b68e92930e8fb20ed10f21103

Download Submit
C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
497KB

MD5
6c888e8efccbc677d348927d513202e1

SHA1
987a3a311c00988b9de485053ffb21adf155704b

SHA256
a3d75f234864c243b0057bda23bfe86b39c6e53ee851ba424cc5cd6d2407c0a9

SHA512
ef2af055742c76ec3dbff96dc8636ac03e3e9af61d768b55db627c192737acba87a7664ebdb7c20626675d15f93f4f6a9b3bab709c2483bf6e75c2bc028c8aba

Download Submit
C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
86KB

MD5
8a2b95982d528b7eac2ca7c25ca41b60

SHA1
e86e3f39183fb076f6fe3d61def2ea35731ac6ce

SHA256
6072b1afc2b753ad7f4df336fc1f0dc32c0377d0a264bc61edfa465eece782d1

SHA512
447d20888e1b278ab50e99afb2fbb56e1ab3fdf6d571ae819551031e84a73a4b4019b44d9682d8a390a08d395953ee0bcc352da50e048bd98f1c87a04b608da8

Download Submit
C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
220KB

MD5
0505adc0dbde08f0d00609129fdfae02

SHA1
8c9c2bb9e73a17641ba8af5e854658c541976457

SHA256
887d986698ff4ea9da3e992c976567b9e3c9186b3ca76ddb1dba0f411e085f1a

SHA512
2d2e48d192c27f70be5e4879dafc8acd7cff09d91e0f4112758e250d0910edffca7d9841f97e9b8c2584e926ec7711eb04c88e3dcf0b5cae19cfaf6e1b188675

Download Submit
C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
85KB

MD5
bb575180c4e0f5ca0d473c8fa0dcd851

SHA1
f39ce3cb6504ca305c61808261b83b8ab84ed183

SHA256
895288cccad3f277ac584b1706460e6e4b66f4349e16a58f75195545bfc33d64

SHA512
577508704b68a6435f275615799ad7a437ad3f21e49bfe72caeacabf65302f6b8c18b8b222d2d38448f69c221e409e42528228612b13e67d2fdb839a23d56edd

Download Submit
C:\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
46KB

MD5
fad21938f6454e4f2a61e0281e4c7fb9

SHA1
ff0db5f0acc36fdf0edd637ddb72db1e637d8a6d

SHA256
9f2890ec75f228b6f75f2281aea84b94b2ff55c7cb34616dcda91ea8c3fe7fd5

SHA512
40ccbf94b061dd74e3c72b790943546691f28fd4a37546fd2938787cbb31f907f4cf8bc622c1547798fbf5078fd8f582a0c6ef01a96d2ec82206bbfe153c5efd

Download Submit
C:\Users\Admin\AppData\Roaming\37游戏\lyb\Lander.ini

Filesize
309B

MD5
93f27cde04579adfd30ea2792a45cb37

SHA1
d6a1f1be42a8f252b111bb5649d78b2e40d9e916

SHA256
6ad084b072a29952dc9217e476cddddd44b07d9ba91752ffe1fadbc7d3ebabfd

SHA512
64d52aab0c17af3e664aba722037f77b05edb0c1ec42260b450fed9e510a6f4c7930d4329bde4444013782b3306bb814d0ffa3688545983b2c6ebffaab654156

Download Submit
C:\Users\Admin\AppData\Roaming\37游戏\lyb\Lander.ini

Filesize
66B

MD5
11097c92fa6ae38dc5d087403e8079a9

SHA1
4d6c7fed11583c733b47641e6abda324cf37638b

SHA256
e0b69b007c03a04e46719a4123e10f931dadb142305aaa83b01021b455f80c3e

SHA512
9e39314c67085d7319cbd66a5086958ebe629fb1487a5b8ee455270c58c0a828c19fdc6a275446e9f6439293b257fd33bbdad2e83a22a1ac057e4279d32354e1

Download Submit
C:\Users\Admin\AppData\Roaming\37游戏\lyb\Lander.ini

Filesize
105B

MD5
cf6bbd93ae0c6cbbca5de69830d40ae0

SHA1
6fa8800c04d7e82a690c621d42ce368130b9b929

SHA256
f541851d41236b23b61b5bf027290f49e3d6478a1737b83538180ef422b4d658

SHA512
836428732a05e0db7f1f5b94f2ccf66ca49d5669e0890b0a96108ff7a24ebfb3af1300eecd13fd3619cd8a5a95d519d6de16e2cda4124aa66633fcc839fc8ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\37ÀÅçð°ñ.lnk

Filesize
925B

MD5
21b596dcdf32fe149fdcad2d1ce1756b

SHA1
c09251f2f519fdb301a7cde6a9337cd73d6978fa

SHA256
0047d613b39b84c09e43dc2bf346b00dc89205d4633ef8a60f8bbc50ba96d7dd

SHA512
4b3ac185fe499838add655e9affc0497638e58d4c3772eb709457ddb004aa19fd269fd4665d6f8d7cbe06a0c7a8199086585096c9407155b586a6076ea4ccd51

Download Submit
\Users\Admin\AppData\Local\Temp\hkl674B.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
\Users\Admin\AppData\Local\Temp\hkl674B.tmp

Filesize
75KB

MD5
9a9f9e2e50933fc5425ee30c572e278d

SHA1
df9ee7aabd40aecd3d43db954d39960bba5a5369

SHA256
be70d32770a02c8cf8afce15db9ead779b641f895772ebcbf207a40d084f5f1f

SHA512
490c481addac1d527376a93da1f0fb24c3654157ef98fa48ca02a13728fb9696b3bb6d51784a15a8afd5262dfe39f71171ba9725c0528ae0c963836887eafd5d

Download Submit
\Users\Admin\AppData\Local\Temp\hkl674B.tmp

Filesize
58KB

MD5
7a9d27dc110c951d5069a273af411689

SHA1
f527d152142e23c39889d646dc638119790160d4

SHA256
5a066f9299c37aa24b262abac7780e711c0a118ce9da3ccf1c048fe1c42f6d5a

SHA512
ba5d003213095b26ee4b1d46075d191b97a2a20eb319d7874663df798f077134938ca4c6322513d01589bb94384a039e3ed1e124eb9636d23197b05436d27977

Download Submit
\Users\Admin\AppData\Local\Temp\hkl674B.tmp

Filesize
54KB

MD5
bce431bb3fd4dbd77ef23bcdc225571a

SHA1
8d1cf6690c4f701af1888ec8a444a79e0d515aee

SHA256
f15a59ea869966e6bacbaddec8a96952f614394db93ea0a265b043afecb74c35

SHA512
45428d64bacbf6c159487cd890e150dc5c3e0f0c86255c81eddf51d049028a62a2ea07068cef8dd70fe94085f1132f2ae3628dd7878d2acde96d3300fc76672f

Download Submit
\Users\Admin\AppData\Local\Temp\nst6839.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
\Users\Admin\AppData\Local\Temp\nst6839.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
548KB

MD5
a65cb55541d24d5ba0ea010a88962f4a

SHA1
b8c647a2691045f0ed615478ff1b3dd478097dad

SHA256
92a95466930715a8acefd76a4295bead0810e93e461755424155041b1f52492c

SHA512
9f46210238148daa7384d358b97ab9852beb685c61891285f19c07d4a2fb2b3b725f6ce7a7958000d10916b79dfd2dbfdd23bb15a8e648e86eb2f49fba5070ac

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
426KB

MD5
491a2944b36ed119749980a933d1a0c2

SHA1
fb44abff2a651f6367617197dcb45301684b40d8

SHA256
d0a8817a629a22d673c4e2eb3788c16ef2aaf01b788d4c1e76fa1c594e6e3a1a

SHA512
061fcc8cc64da133fedaafa5bd05d4e2dbf4184b8791875ce23c52e0e74f2bd4c5a6e37b5aeb81d6ea0472f457de32d10e99a44c3b763e7f773ccc4ba0142c9e

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
336KB

MD5
17d01b09aec29d52178aa195bbc50b2e

SHA1
9abc674a73904235f8041672d78e988725e3e0e7

SHA256
907c8bbf2b6f14202349f7b360e86632a3327360a52cfbd1629cfcbcde040d79

SHA512
3958ef7b9d5d022d588785ffe86bc75bf379eb2372c83b2378014cdee609309a741cf57c3df1b00590288c664f888b7db5ed62ef1dd02372b471e64c4496e839

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
141KB

MD5
d36857eab4f071ae2ee1ee7948707cfb

SHA1
5c968279c6230e7de0e27a0efcb1c5fb756618ec

SHA256
0c66212f8ce8c69ada6ed30c67d53f07aae7d394746ed565226fc8e2f7d9bcc7

SHA512
17074afc040fba4350788b226b1614a7f37a8fe22c8ae622f4081903cf5c996260c47f1905e794545a3dc38a4140737bb47950b7c471e9ee9bf11f890e8de648

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
241KB

MD5
4a90f1496fb8a6688e92cb53691fa012

SHA1
77b12a4dab985841ff9550158c982a9804e6807b

SHA256
0e0f7157ed28be654bf860ed542e4dd32e41751ad34fa182fd72fdd926b490f3

SHA512
3dd39794b28e6afbac151106e7d7e89f9dce7947b301824afa35ae6cc536afea0965857d62d5e08cafc42af6d44c26ca8d8db67cd8970a25cf990d89a9845d20

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
112KB

MD5
ec49bf2f70dd36dd7494f302ad3b1b19

SHA1
cc50339325a81c2853546f6233b5ee9b2fe4bb5a

SHA256
e9e4f9114f8b21fbfb103781b3c2292208fefc85eeac69026b703db9782d3890

SHA512
897289b30570d9c2eb680c8ade888001b61347caf05e759a83ad9f58730d9263cf3d916f38848b937cc84d91175f63b71957a7bb4be258c93ae0df19a892fea1

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
59KB

MD5
512a6ca79a8952c332d00394be759c16

SHA1
291996df835f4490160a92c6dc34ad73e0cecc15

SHA256
a449b29879b2a239e3362e83c5eda71639ae7fc532308ec9fa8355fc8132a2a8

SHA512
b3bd1c7d11c4394325b463e7c7f0159dbf9f91c009b81948a10143f5af8ae51cfa3dce3bdf90e34b309a6a716516547d2c767ba8ac41e9e85dd59cefdaf509e3

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
79KB

MD5
0729a0cf4ba78e5eff911cec6d935ef8

SHA1
e4efefcef5ad1c0819ac85f2f29459cadf09c5b6

SHA256
e43c61266b199f566161694e06e5f0f85f74659a81bc8229435c9360aedfd93b

SHA512
8c9e242fee5e2f797a477c53fcf73b4909b095d742cfb4376f9065464d78c86b4182bbd7c6f043e6c301469718e8d9b33e133fa336b5ebfb3fa032159fab06b3

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
192KB

MD5
699c97ac5cdc048a3cf164945b151791

SHA1
5f49f88a1ae6faf0df42257058e4339bbc5ede30

SHA256
1b2474e214e692c7b5eaf8d9e386c72ddb427cbc076c14a344e15c092f9b9d58

SHA512
dd725301f8d31cef1483291f04135cfc66d1f3f237c1e5fae92e9359ba9e3c031b0f6bc070e2a4049cdfaf1d42b1c899a6c614f2201745c0fc9894d7869b3808

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
51KB

MD5
470a721137ce30a4c0fae856e015fefa

SHA1
c29a97ceddc4dc58c3c3f6fb5a043d268de57500

SHA256
9fdd10cbadf9edc6f22ae985e73275a8431713e0b850bc7bce840ee37cdbcbd4

SHA512
9443665d96527a0de4ab4ca6303fc97c8eca0f12ca38c454c52eb8b7611842e42400ecd1a5ee540169a302ec679b54d5b2dc05de3c62703e21f61e0563f59d66

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
84KB

MD5
ad8bbfc314bdc35fa40b95718d53198f

SHA1
02542d94e947c852c58c764c560dedb42ce01295

SHA256
23cc579679fe065dc08334d1ad62c09a0b1cb67695b0be358c990b34789aae54

SHA512
4aa1adab927d99ff64b81661c29da56280847677ec3b9ba562c8d434fc6bb4e40eb8008ec72a5b3599c311fec7dc7fc9a9b76242f4a34ea708e7e094ca7c5159

Download Submit
\Users\Admin\AppData\Roaming\37ÓÎÏ·\lyb\lyb.exe

Filesize
85KB

MD5
b06c71e73a30eabe3c63da157a80b23b

SHA1
8af85bc873e666025ff107961b7fb87442278c5e

SHA256
b2289480d79dfbf3f6b7fa808992167ad6f37089a76544a225a8c6d0bc4018b3

SHA512
974f6c7b7afd9022bc51927af96fc2f649ecc3d832c06ac29cfec015eccc98dd4318880a3714c90e0c5e0c1c663269d6b2ff884fd6c78d1f106d9c4f799656a9

Download Submit
memory/1996-24-0x00000000003E0000-0x00000000003E3000-memory.dmp

Filesize
12KB

Download
memory/1996-2-0x0000000000240000-0x000000000027B000-memory.dmp

Filesize
236KB

Download
memory/1996-6-0x0000000000440000-0x00000000004B3000-memory.dmp

Filesize
460KB

Download
memory/1996-131-0x00000000003E0000-0x00000000003E3000-memory.dmp

Filesize
12KB

Download
memory/1996-130-0x0000000000240000-0x000000000024D000-memory.dmp

Filesize
52KB

Download
memory/1996-0-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1996-129-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1996-3-0x0000000000240000-0x000000000027B000-memory.dmp

Filesize
236KB

Download
memory/1996-104-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1996-103-0x0000000000440000-0x00000000004B3000-memory.dmp

Filesize
460KB

Download
memory/1996-128-0x0000000000440000-0x00000000004B3000-memory.dmp

Filesize
460KB

Download
memory/2424-102-0x00000000002E0000-0x0000000000353000-memory.dmp

Filesize
460KB

Download
memory/2424-106-0x00000000002E0000-0x0000000000353000-memory.dmp

Filesize
460KB

Download
memory/2424-119-0x00000000002E0000-0x0000000000353000-memory.dmp

Filesize
460KB

Download
memory/2900-82-0x00000000007D0000-0x0000000000843000-memory.dmp

Filesize
460KB

Download
memory/2900-83-0x00000000007D0000-0x0000000000843000-memory.dmp

Filesize
460KB

Download
memory/2948-105-0x0000000000160000-0x00000000001D3000-memory.dmp

Filesize
460KB

Download
memory/2948-95-0x0000000000160000-0x00000000001D3000-memory.dmp

Filesize
460KB

Download
memory/2948-134-0x0000000000160000-0x00000000001D3000-memory.dmp

Filesize
460KB

Download