4aff974db2413e19562609cfa92f7a0c22a1f392c6b44fc0305740f79f323e9d

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Funshion/Funshion.exe
Size

2.7MB
MD5

12c92913e1e2f029be52e0f3103c3c16
SHA1

27c755028045ba0304033a68121a255482aa7bf7
SHA256

d1faf8d2282bbe2f15715f703076a145f0c64e3b8c7d2f6f966ad9bcce9f463f
SHA512

48baa2229cc6c63991fb6a471ab3043f877da6b2dbfeb9a1196a2a6237386621ac4f240d2752c463f17a49f3d0d74716cb0f9009ea3d55efef101644a1fb391d
SSDEEP

49152:xJUfDTk1VsrS2tOWQMtXDeN0y7lBnvrOqyd+gsAnT6LAsr:snkjq/DeN0yH6q0+lLAo

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 9 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	dxdiag.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dxdiag.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Funshion\\Funshion.exe\" %1"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dxdiagn.dll"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765035B3-5944-4A94-806B-20EE3415F26F}\InprocServer32\ThreadingModel = "Both"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{765035B3-5944-4A94-806B-20EE3415F26F}	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\InprocServer32\ThreadingModel = "Both"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C78B8E2-6C4D-11D1-AEE2-0000F7754B98}\InprocServer32	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{3C78B8E2-6C4D-11D1-AEE2-0000F7754B98}	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\URL Protocol	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765035B3-5944-4A94-806B-20EE3415F26F}	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}	Funshion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{765035B3-5944-4A94-806B-20EE3415F26F}\FilterData = 02000000000060000000000000000000	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\FriendlyName = "RealVideo Decoder"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Funshion\\CoreAAC.ax"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec\Application\ = "Funshion"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{57428EC6-C2B2-44A2-AA9C-28F0B6A5C48E}	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{941A4793-A705-4312-8DFC-C11CA05F397E}\FriendlyName = "RealAudio Decoder"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\command	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\DefaultIcon	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{765035B3-5944-4A94-806B-20EE3415F26F}\InprocServer32	Funshion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{3C78B8E2-6C4D-11D1-AEE2-0000F7754B98}\FilterData = 02000000000040000200000000000000307069330000000000000000010000000000000000000000307479330000000060000000700000003170693308000000000000000100000000000000000000003074793300000000800000009000000083eb36e44f52ce119f530020af0ba77087eb36e44f52ce119f530020af0ba7706175647300001000800000aa00389b71ff00000000001000800000aa00389b71	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\ = "CoreAAC Audio Decoder About"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}\InprocServer32\ThreadingModel = "Both"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\CLSID = "{238D0F23-5DC9-45A6-9BE2-666160C324DD}"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\InprocServer32\ThreadingModel = "Both"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C78B8E2-6C4D-11D1-AEE2-0000F7754B98}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Funshion\\aac_parser.ax"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\ = "RealVideo Decoder"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}\InprocServer32	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E21BE468-5C18-43EB-B0CC-DB93A847D769}	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4665E44B-8B9A-4515-A086-E94ECE374608}\InprocServer32\ThreadingModel = "Both"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec\Topic\ = "FSP"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E21BE468-5C18-43EB-B0CC-DB93A847D769}\InprocServer32\ThreadingModel = "Both"	Funshion.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{6AC7C19E-8CA0-4E3D-9A9F-2881DE29E0AC}\FilterData = 020000000000800002000000000000003070693300000000000000000200000000000000000000003074793300000000700000008000000031747933000000007000000090000000317069330800000000000000010000000000000000000000307479330000000070000000a00000006175647300001000800000aa00389b71ff00000000001000800000aa00389b714d50344100001000800000aa00389b710100000000001000800000aa00389b71	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Funshion\\rmsp.ax"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Funshion\\rmsp.ax"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}\ = "RealAudio Decoder"	Funshion.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
928	dxdiag.exe
928	dxdiag.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2380	Funshion.exe

Suspicious use of FindShellTrayWindow 22 IoCs

pid	Process
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
2380	Funshion.exe
928	dxdiag.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 4868	2380	Funshion.exe	83
PID 2380 wrote to memory of 4868	2380	Funshion.exe	83
PID 2380 wrote to memory of 4868	2380	Funshion.exe	83
PID 2380 wrote to memory of 928	2380	Funshion.exe	85
PID 2380 wrote to memory of 928	2380	Funshion.exe	85
PID 2380 wrote to memory of 928	2380	Funshion.exe	85
PID 2380 wrote to memory of 380	2380	Funshion.exe	94
PID 2380 wrote to memory of 380	2380	Funshion.exe	94
PID 2380 wrote to memory of 380	2380	Funshion.exe	94

C:\Users\Admin\AppData\Local\Temp\Funshion\Funshion.exe
"C:\Users\Admin\AppData\Local\Temp\Funshion\Funshion.exe"
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Funshion\XPSP2Patch\evid4226-vc80-mt.exe
  --silent
  2⤵
  PID:4868
- C:\Windows\SysWOW64\dxdiag.exe
  dxdiag.exe /whql:off /t C:\Users\Admin\funshion\fsdxdiag.txt
  2⤵
  - Drops file in System32 directory
  - Checks SCSI registry key(s)
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:928
- C:\Windows\SysWOW64\tracert.exe
  tracert.exe -d -h 16 -w 800 209.131.36.158
  2⤵
  PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Funshion\funshion.ini

Filesize
129B

MD5
0d6abc1213b8fd601ef9e2dc611f75a2

SHA1
f69532fd10d14ea3eaca521e9718325379673eba

SHA256
cb5e2cb3c7a081adcfa02141a806de9b8649a7c42b354d27a5d346ab3e4100b9

SHA512
3b17738a4547c0441ddd02d7037f7dfb88f2ecf6479702698f50c041294b7f06689da24cd8a07d96066c504630dfd0c8e1747c5f584885cccf63aedb6987caab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Funshion\funshion.ini

Filesize
156B

MD5
08f6f4643955e2475da5347e085cb156

SHA1
23ad0e893c50a8e5edb0b9418093737bb2c52d4f

SHA256
48ccbcf8bff9115f2954cb31c9181e0ed8118788ce766b1d3492bf696eb441fe

SHA512
c2b8dfe1d0beff5cca9fe07e5ccd8fdc26f47860958c1ce22ddbf617196b450ef77a5043d3ce7f7f861b5bca5cdc6799c89bcec4c2ccc5f57a35188085706b50

Download Submit
C:\Users\Admin\FunShion.ini

Filesize
191B

MD5
19c4b35fad36514a5ca2abf88acf2641

SHA1
ff80e38192c8d4b4ed743a69cff80a2c53b1ce19

SHA256
02d7e73cbf705206f03777c4788560782855cb15a9ce6603ad8bc6ddfa912c1c

SHA512
2f72688bb5b574a3e85e1990fcd9ab6efa579267bb02f67505954a4fe9ad36565a104ebbf31b23d18b2300c95c023dcb879d7bacb6f387fe0f47d1a947d892a3

Download Submit
C:\Users\Admin\FunShion.ini

Filesize
237B

MD5
fedc351ec2bc2ebfd42ea1c3117fa639

SHA1
3744795581ddc3fb977ba999e82c8ef76f750cf7

SHA256
626c042488e934dcd88838396dc4b53fb6dd121dbbaaafce5621c3aa3983cef8

SHA512
c91d352b6a5a9682e348f1badc4646979a0dd35bb6e025dc78c6e2dec911d3833fa1c6a34eed91818de6bb17cd9641e81c7cc24ca233265c51e113a64608b23a

Download Submit
C:\Users\Admin\FunShion.ini

Filesize
65B

MD5
098663c45b01751b04762fc0673f566c

SHA1
6d746d9355e37feb05df8f47121b1ea57f5feced

SHA256
8d1ff906f8fecd9c5e66d49a309dcb45eb923ece244d9c299ce9ffe3d4b0ca09

SHA512
028b3dbf32756d01be54df786d50ad941a6a7ca033863d7b4c696be62cfd1a1701b598ff9a761f073821237f395bcf21edf479ef609a66a1ae7c62b95210c356

Download Submit
C:\Users\Admin\FunShion.ini

Filesize
83B

MD5
9891a31777676a2309f94c72e64b68e4

SHA1
e9e2bf7e60e9bfe47d034a7be204c3a208b109a9

SHA256
d9305919122f6603058b827488f4b5f83c1609866eb1d1f335c152d58d28ddec

SHA512
08ff5746bc815f9c163d46115d4ffb755ffbf75dd93b7f70b4a6d9cb171a119e8f2bb5df2cf579e001a3af79dc367a0da4358c24248b41b5900b5dc87ff0040a

Download Submit
memory/928-205-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-202-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-208-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-206-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-207-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-204-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-203-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-196-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-197-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/928-198-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2380-94-0x0000000003F10000-0x0000000003F11000-memory.dmp

Filesize
4KB

Download
memory/2380-79-0x0000000000E20000-0x0000000000E3B000-memory.dmp

Filesize
108KB

Download
memory/2380-95-0x0000000004040000-0x000000000406E000-memory.dmp

Filesize
184KB

Download
memory/2380-106-0x0000000006830000-0x0000000006B76000-memory.dmp

Filesize
3.3MB

Download
memory/2380-145-0x0000000007D50000-0x0000000007DE4000-memory.dmp

Filesize
592KB

Download
memory/2380-144-0x0000000007D30000-0x0000000007D45000-memory.dmp

Filesize
84KB

Download
memory/2380-138-0x0000000007CB0000-0x0000000007D1B000-memory.dmp

Filesize
428KB

Download
memory/2380-228-0x0000000003F10000-0x0000000003F11000-memory.dmp

Filesize
4KB

Download