7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c

Analysis

max time kernel
153s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe
Size

19.1MB
MD5

c28607b8b7880366e8166e388539f26e
SHA1

454fe8aa9b06d1a599725e7cd68431550b74ca5e
SHA256

7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c
SHA512

39a3c5f9906afc15b942e9b137be8d78690f396db8f492cc9ea854f017b0c82966b0c62cc14228977433159f19c2ca87fd8c159f99e596e7b591848fe20025ff
SSDEEP

393216:z7YbCNt+qBYyPQ3k0rlyNhKb7TnAkFECKtvRm:4WNtvq3VlyfKb7UkFECKtvI

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
552	autorun.exe

Loads dropped DLL 12 IoCs

pid	Process
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3624	552	WerFault.exe	96

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	autorun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	autorun.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	42	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4632	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4632	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2940	7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe
2940	7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe
552	autorun.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 552	2940	7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe	96
PID 2940 wrote to memory of 552	2940	7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe	96
PID 2940 wrote to memory of 552	2940	7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe	96

C:\Users\Admin\AppData\Local\Temp\7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe
"C:\Users\Admin\AppData\Local\Temp\7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\7cb69a3c26bb348ef8c74fbd6f29b23326ecdf6653b45a533ba1a29f1e77925c.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 4660
    3⤵
    - Program crash
    PID:3624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 552 -ip 552
1⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:4320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Flags\flag_1_0.btn

Filesize
1KB

MD5
84407163bcf1080d784b317201c04544

SHA1
1c62e9fce93bf0265177e1f34261d69b7a93eb2c

SHA256
03dc13e8d6e3122a18e4b97e57b35a6520dc7d52d8f6947033e09cc752a361ee

SHA512
13eaf278728c72893d018136dbe24c57d60dcc12e0c898cf635543e0a4ae1a5437d1563bf415b23f72deb77c407f94b7a0a1b814802aa5e979a8a5106139bc28

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Flags\flag_9_2.btn

Filesize
3KB

MD5
13fdb0d841a750ee8ba3f3644cb77efd

SHA1
57eb34d6c31399be2df359be95ac2fd1c63575c0

SHA256
0cbdd5173218df13996f7fc444b950794e58cde28e0b39f8732644e658fab5fc

SHA512
0909dd66cc62547d99fe35d3ae32b19014be869c7b1cfa407e50e5ea178c42e23c4ac3ec17675f756c8afa80f05528057bfc51681f3ab2be7a02fd290bf38e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Instagram.btn

Filesize
6KB

MD5
9fe8fe7665b43a9783b7a6e2ddcb3ec0

SHA1
ee8476a09f0d9cfb5d0154d0d76757edba3486c8

SHA256
012407aea1544e22843c1f846956dd4cfa40d1e5b5f8121e1f86709558b037b6

SHA512
66227b0d9f240134fe89e72e9ddecd384c6d70c65bca3afa107ea565ada476336543a64b49adb3e495027200576aa67bb6a4fb6ee548b3ddc95f429f58f56ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Lokum\settings.btn

Filesize
1KB

MD5
fdb34a9f6a4b20405015d5a3a6109cba

SHA1
d93ded5013931f5f62d937850c42ba32693a07fd

SHA256
710c60365aa324425b104ab5b35629ea562ed352939cacb9ae22391624605c57

SHA512
0cdfbc65fe47a1b0b0b1e716398f9158f7c5f23758cdf285c8f94ed807471d0df45773f0b9facb76f2e6c486b560255d7fdbf954c12d500a3e45fc32550aab54

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\br_bayrak.btn

Filesize
1KB

MD5
14fbfeb469a1873e99bb1da48d2df19c

SHA1
923fbf3590fe8b676e38691dada22ab572293b03

SHA256
b80274c69649e3a2e9c4deecefbaae3ad8ea9257542ad2b47e2e0f549ab4f62e

SHA512
358c00a6f4b674a947fb1e25830452f2937a8f1bd961f8b27f704fe99ef9714234840f1053553ad310901a5038a29cfcd22ddcf65f7d2ba8ba5d37a0757cf419

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_academy.btn

Filesize
5KB

MD5
23f5b3bc6688b6bb3bda44eb4ea6fe66

SHA1
eee9afd52e01c36863944b434c7f80c96f250768

SHA256
e04a4522258a61ed32709bec089a2f160d8edf17b9e535721d6c62b9c0663cd1

SHA512
be81d36f1ab5f14e473092a53746a24448bfad87e8e014391e2c387583bb5bbdeaeb8a4a266352841f094ffd2abce48c6d72ce1f1ecd5a40e192cc7f3fc40ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_atolye.btn

Filesize
1KB

MD5
4253c1abdf48c7de2c773c44638ba6eb

SHA1
336e45d131a1a9c4ff51361e2adc68680cc97d7f

SHA256
9513820b32ee4fb9b9493ac399c0b81fcf982b8b37c0a45eb501be3376573fef

SHA512
9658721624b435843caee7add3d8ca2f32413988e3865e1297bd06965db8025936067bf3c10a673e3055f3d7283a66c2d5ecf7287f8852d84b93212a8f6dd717

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_discord.btn

Filesize
2KB

MD5
1446bd5d5b191ffc5df1d9f6359a3c75

SHA1
74392c709715d17d8e9e3f1d8f957e023c44fdec

SHA256
05282eb6738502cbe766f8f9d22c7172ea665c00005420eefb5f1d0908918574

SHA512
8811a88ab563779eae469e0f686047093f25f640c1734c7a10b79527e83ddaf9f13fb153bc2b404d0aab7e45305c37c064a7d445d9f968c2a857d7719fb51d2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_register.btn

Filesize
1KB

MD5
fcc6297d3f2f3e65c022419f25824da8

SHA1
7867404d6a65d0b6ccdf0c593ca5050a99481693

SHA256
f58aeb4eccc2ef4fefaed3ff6ae2fdd177e331b18d24b6993b9a9793688c18d9

SHA512
669bc8d4dbe1d95296d63b4e03e9196b3b4d2840c7625d5eb3ba18b0f33b3be97e343db1677e8bd0fa63b4bbb51e3e50041bec95e787aa8b92c74a88f652e35f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_start.btn

Filesize
1KB

MD5
c277a539ec019e9b66ef705e19f33ee9

SHA1
ae3be00c89d4fdb81af929e21367c5c0e4b57c2a

SHA256
374a4d79fb0ad69b2cda7c5ab68bd9ba4402508516783efc7829fddc9a1b6c5e

SHA512
38e8a92fac3ab35a8a95d3a07c14128740f72dcd73d9dd1665ad37c3953d76b268801089239f595ce90931a1f19de5b3e6d754382f0f8d1539eae27561bab1fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_steam_login.btn

Filesize
5KB

MD5
5cfa4bed3122ecd582e41a9bc574c511

SHA1
de3dc7d7a5f7995b9e9e3f5efe20a3bf40755e1b

SHA256
1559973bfb78b8f0b0295a68299a17365f53ec284ed7c2af8578a18f02cbfd43

SHA512
97a16562bce68ba4c0bff761e90e6bab7d8ceb8699791dfe3ef644f66a22488b88619d022800abffe1751c7c6f40230a3d38d18a04740cc1ddf6345566a5c76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_telegram.btn

Filesize
2KB

MD5
a3b611859cc116b376187186f30faf25

SHA1
b18219474b87451822d3f4e972f8f834f22c63c8

SHA256
071693ec7e84cf9a8971452933dc516d3afa3c84105e8cd8821d2523184215aa

SHA512
b4dc72f2da77e94650cfcb9a6e06d655b759befdcdbf15b3b57eb7eb00913c8f09cd1e67c93d4e7ee4f9f47e4f9a577a9bc9220ac770ebde2bb180ebb105a071

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_threads.btn

Filesize
3KB

MD5
8c272aea48bd29ad61acab1f2084574c

SHA1
dce0167aca38b96f911e23f614d12d7371bd9593

SHA256
a2243ab02602fe78a9b1cfbf4813c50e2cb642e5743abe7faf05ce9f4741ca1d

SHA512
a6f479d0ca3dfcce93d8b47039bf78076608046c1259ca9a236c3688727796fac550ff8e4851503fbe37ce6a4a0d3c9d1e29d21e994071f6e3b043db795f5725

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_tiktok.btn

Filesize
2KB

MD5
83751324460af169a1fbae1be1991a48

SHA1
43da29daedee493f0a7a6eb331038689d25e3214

SHA256
3e93f5228d1f5cb3566ba4008ce7aaaae13981c6ae0049db26b6e82ef2d98d85

SHA512
fad27dbba33cab18ee47dbec394b38da825ab7c6cc3c2060ec581c380f67f86623d5fa71aa598112738bd08360b75a47621b751fe13c7e07b4820582d6f81ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btn_zula_login.btn

Filesize
2KB

MD5
41417d080aa7c3699f54d203b11e797d

SHA1
61c68594c7fce3b0228c033f4ce4e4996e162473

SHA256
3c685097e1136565d09e47fb19fea1afa38a9cc35491c50b2c00df501c0644c2

SHA512
b2e3464db89ee8f5bc63d488e3b820afbcf4f7c2e1f93c0a8891a0ed4669d03a59c539347daa1e6bd8487b9a6e12f7ce692801bb8d57dbfd8a5b850478d6fe28

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\btnmenu.btn

Filesize
1KB

MD5
1c5710344b4dcb2c6f861d8c38bcfef4

SHA1
97297dacff7e5ca394b3942e4491946649d6a627

SHA256
88bffd71e4a08e4904c73e24b25b0586bd7684511f5e7647aa8860218ed2645f

SHA512
45f577f0fbacc11b52dfa0940abce1e6562b2e275aa6d78d7a855609671acae9d555badddb2bf50f9fd099f8d5578c50c3ac7ae81f5ac389ed7365ac118882e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\close_1.btn

Filesize
1KB

MD5
11c72b75ce948342195f3531b55cf388

SHA1
2b15894a4982ff86b6cdbda4201fb53843863634

SHA256
3f1d17cdc0075a0ce6cc300b97b9cc6fe20b38ef44832a4a1d19eb4910dfc088

SHA512
4bf6b4f4152659aa33bce581e4ea1b713eef8b3b79efcdfb9d5dc62ec974d2895f9cfb294aac0cd72eac7bb46a40ec61de9926364bd3a45781dfcf81a463e1b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\facebook.btn

Filesize
2KB

MD5
40e933320c437438e8eda61abdf5ca72

SHA1
7675aaa610a98661640c1a4fa0e43d7964b20be3

SHA256
c60d00d1181ca59060c17a7a8b326146b71ef61ed6a254819aa34e7534abfff9

SHA512
429540e49a0d9bf9a694d738d0e58e18e4a982301acf67a56ae5c1f71cc8f5123d794d4ddde5fc0ff7689593536b0874c7387f406fec5865ca33642b055d86c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\madbyte_logo.btn

Filesize
5KB

MD5
0f3f3a9974fbd99d72e29f6c811ccfd0

SHA1
3ab0c968f29636b064d1e93fe0c9f0b22f7137f4

SHA256
92dac629289c475991e2454f307b938b1baed9bd93758fed79b97707833d75ee

SHA512
c41217f8277263005f1e19207ed59670781acc7c083fbfd52d570f5f5962ff8536a1ae950e09d54c5eb484050c7f50b1751f0a59de2d5bd60d1838e328bf2259

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\minimize.btn

Filesize
1KB

MD5
35060b5bfa43e2e516bf56d7da30bb27

SHA1
90ea5b592d51549fbb5837385793cda971763f55

SHA256
c7fa6c39dd3f84a3e1a7e31d2affb54f2521069cb3303a24b195c76cbab30177

SHA512
40cb04e3a625b1ed6e1a09c17c644cc6ba637b76c6cf85d115dac7d462d298dabb5671cbe199a598d340db92ddb07233e52263c68880428d85afadd76596abfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\tr_bayrak.btn

Filesize
3KB

MD5
cccffc3a273358ed13a12db73f2d15ae

SHA1
1668713a24063347e941e12db986b3d4034b00be

SHA256
1d13a5b576a81c1d2f7b700b1922446f84f7b0f44141dc3e9bf7c24313dbcc21

SHA512
dc7b98fe034620a4573e35d8125566732ed97db43c5d2716ba7a398516fbcec352629c68dd81464c2839d71ba955f59f4c4f77c5888e80d1d901a0b08e7c1fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\uk_bayrak.btn

Filesize
2KB

MD5
78306ba63b83c4be1ae5fdb8bf392379

SHA1
9cf4ff82abf69b14ecf6662830f3ad1baa535171

SHA256
b9d73dcc8b009aaae02c776b04ae4e4d09b4e0571c06fd09f47c794952d8619c

SHA512
faa7f9185f72e169c8766d4ae4aa4e377883eb6e67ed09b493d2e3f85a88153e146a34522dd337ac80b1c61f6bdfca603b85b1ad9815c04afd0581361e219c86

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\youtube.btn

Filesize
2KB

MD5
d701debe88c02e4225e3cf5dd84cb8b0

SHA1
a080fe9afa749e683f4647badcd52a94700590d4

SHA256
09cf6bf98c36f9998a56d3d75d82a8d10efc221a6ea48064e92e42de49f34c37

SHA512
a0d1998b211fcbc9d83433be33d72f6ff42a973334f0ace00124b12377c02c1f001c63939ff5e56dc1f7eca3d4b5897404ed8bbcdea4f6a1461759bd7b8fe5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\lang-1-44.xml

Filesize
11KB

MD5
27401cb17b6b0ff06bfd782226402255

SHA1
3d512d6e290940736455179a18143f6f7804b6b1

SHA256
714a6444d30f4aae3d2b7a9910bbb57b635d29b3f699617530c0102f5244d1ba

SHA512
60f033a4711329bf21e0c75b921320442ca64e42fa848335f821b63ed1a265b4346e41d1c537bca719986951e8ff2c6f1eda1f365bb208c04ad330f3b4b3543c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\lang-12-25.xml

Filesize
8KB

MD5
61393223399dc8532fbb12294fa240c0

SHA1
f841a99a50b85b176eefdc06d516b32dd3aa8b12

SHA256
82b1c6d3ceb4f344fd663c713efff1db24df10dd0ea899492e6869993d936495

SHA512
bedbdc854dbda176d7d97556b2a252044b583e03eab481de3b9772347b3348a61d4b673d35c261a16c03af8b79163db15ef86f295e7edd56dfde9a2a7a7b007c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\lang_1_9_2.xml

Filesize
12KB

MD5
95a1467f7689664a5683e7c538cb8a9d

SHA1
355843996cddb0274b8bfb068b0eaaba47304fa4

SHA256
1a258e7284472b4d2faf3035d2a672e166c5dbab2d46e398d59a2dfca3dc2c31

SHA512
94340c05923bfe4b72b0fc80a9a04a661fd90b80b55bd936e0b2a339edb6ca060e38b838eff1605c6e1ed6ffd2ba07ad54706ffeaed2cdffd9fed0312e9618ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\lang_3_1_0.xml

Filesize
10KB

MD5
c7432de13ca449411e0e904988f9165d

SHA1
d93ecedcebaced4418f076a84e94a898c2b9b183

SHA256
4f8b7b399f7f5f467a94ad446576d31adca57f943ef597bc9d599b9366da5fae

SHA512
f93de17fdb41860a05ea9ce00539e783f42da7123606eeb8a1ad0ef632a6604b35d4c5ad2ca38b8314ab98fda3cddddf25be7617836271bbf94a9cdd4cb4015e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\BG_Mask.png

Filesize
7KB

MD5
70323897e80f652dd0ce818c4a2f702a

SHA1
2dd7d82a343539bfd53ced2ba10988113869ba9e

SHA256
7ddfb2c017ca06076cda35a5676edfc886e7b7bd65b10f5cb5d7be77b3659a10

SHA512
3ce097314039147c18857d68c8bd06c081e7b38a196fd6e9e68847ff2e2828abc58e2e80179ef06540d3f34168c4a6b83f969ea32c6536c963d0d27043315376

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Dialog_Ban\ban_bg.png

Filesize
125KB

MD5
d57f73b980c8b122d7e04297db8d5b7d

SHA1
188439ff4f29879f7806729ca2fb5a0ea61be6db

SHA256
eece6fd42886ad30f26ae705b571fd689afa3b713ce3909437bf69a5646dfecb

SHA512
251e576121abb4b7a766422e21e41844a0fd1a170d52ac34d44dc5b78ae91e0037fe98094202dfc0d38269f16a1267b8b6f88f535d2ee77682c7e30ff992674e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Dialog_Ban\ban_mask.png

Filesize
4KB

MD5
fd087a6ec1e356f541124aa5bb065923

SHA1
f5c43d10027f8f3922192177a0df33c1156109d3

SHA256
ed939951577ed338672d210f40a99ebbe4300571e773797c2fb5a481a098ef36

SHA512
2a48072a94d080fc6718e7b622150e2f2925ef1d0faa29d2ed65f528c7d5a6a80429c6d6f3c79b30efdbf2cddb0b8475b37f0845c99a586e81536d4777ab142a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Dialog_CafeRegistration\caferegistration_bg.png

Filesize
108KB

MD5
35358d95ae7fb3b3285c0268ec95dc3b

SHA1
4824541f61d384e1315c4c3bd8da1206ee9b53d8

SHA256
ec423edfa114a9eb2cffb91a5bdac8f961d2de8748478d9f70e6a569eb788eab

SHA512
a295f3b727afd4dd620d3b20704fc1cd81ac6ad50df0157eb6baf38bcdcc159525a83efef85ed03284322dccd9aebcb173bd28278c175a7b4c5cf53821075b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Dialog_CafeRegistration\caferegistration_mask.png

Filesize
2KB

MD5
b57ae4a389c7eaf69667b0f736412778

SHA1
75c4631e7cd92b5781365bce9428d15df491e740

SHA256
607f8af3031d82a28ed53aec553693e27bc4e6daa4f4a312ffce279edb2690be

SHA512
d3435ec2efb36e203086f7f77c846f03a48ae2ae4139d6aa9ef62bd737b7cadbe2ec44b275c0aad817bb0993f27a83e87f231095738c3c0d10d99690813602c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Lokum\bg_44_1.png

Filesize
755KB

MD5
c011255ecb871f2dd8b0d2983382564d

SHA1
5a9d732212dfcc6ff8374a111a79c4ec98273147

SHA256
bfa515887062c04655f9b726404ee83c00c0bc812fa08730a99bf9f9aed87875

SHA512
9a285c84f4e792e36a2d03de45488a854ffded468d63310bd7460572e06e94725e963cf66aa714304ee2a44ef3f7edc101beadd60493358ab3d7c430f192731b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Lokum\bg_9_2.png

Filesize
756KB

MD5
f83cdf4b766490b3f1ef3ec06dc100d1

SHA1
cb30ce022f7e7447700c7e75d29001f9133ba3ac

SHA256
e84adf90e5ce3450951e87bfdf2c1cc1fbf27e293ed28678f10768b07d8012c4

SHA512
5a005d37e63a44535e46007b7f29feea2d01a304d899b01b958e398bee593234132991a7a36d7591df17922294a48bb76cdf962ddeef47a6806f6fc6fa1bed63

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Lokum\zula_logo.png

Filesize
11KB

MD5
26a13bebaac847f7eb6d7f7ba33eb416

SHA1
d3e885859a6234756a4f539556dcfbe2419fb48d

SHA256
8173721b4149ecd2b6998ebb2f0ad69f22d9aad2003271e3143efc4570bc79c8

SHA512
5ae838cab008394b25981ea70931f5b708c9edcc785d3d1b89b03819930a824c57bc5f18995fadaa5b996f115908d887447af5a81df60e777450efeb2472169f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\SMS\sms_bg.png

Filesize
60KB

MD5
0222824e20fad25b56fb97d011fde358

SHA1
94c48553c99da304f6c702ebbd8c26345bd81fa6

SHA256
fef53254e3a382af15bf9ed3b1504a8caf1fb98066f4a9777388f62919a2cf72

SHA512
6c1faa210b987e2d26f204c9b20e31d2cb732cd778f4eeeac8399c41b325146453a04201ffaa9687f777252931b4439dd1df674ab567d374d69c074c54210a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\SMS\txt_sms_code.png

Filesize
3KB

MD5
fa0d3277e16b0243f186d28cf315b6b5

SHA1
cc9904a3ea458c34bdc69b41065adc019e3d651f

SHA256
2b8d9d320fe81bb2845f398a9d8796baee8d909e931d5df4954daaa8a4590de4

SHA512
eca64467c7d679396413b0d61f845ea001f3f9f5a57534926b82114d77e024192a6cdd9e09316b3c1699b9f0e4e5e13d9b1903ebd310a8533f2b6dbc9b1c3153

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\bg.png

Filesize
646KB

MD5
5bd3fa4e18343cdd06aa0b64a31add94

SHA1
89eb15fe386ddb3d19f36cfa32402e3aff9cae22

SHA256
af177bd6befd45793957e59fd663b581a7924b798e0b2009149020ac26019f8f

SHA512
6150fd218aa4ac84df1da1eea3009fe03c2ad98c61da81c8a0f58c5739fc728defdca6e49bfe45435cddc713df680e36fee2fcf1370cb543e985a15623307377

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\season_logo_default.png

Filesize
30KB

MD5
9d37771fc8c9088c437aab418e622f2d

SHA1
4f9ac8fb0691f15f48ed43d771fe1846e12e6d1a

SHA256
4b01784ef266e41836356e8d844fe35bcd8a17fe2ab0ccb5db7e6c925db19547

SHA512
031546fc4862377ae0f72d1ef3ba45ba695f21ca3ebcbbe96048da6c4620b6844629a12da6875316912bd4703b463c13559916f1c61edb65402451a469b16311

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\Download\Download.lmd

Filesize
208KB

MD5
75506a09a72783d3317fee4cb35ee88a

SHA1
f2c8fab84647709747ed6e7d9e9dbfbde3ea3c34

SHA256
3820b72388506cc90b7bbd1852fb7961a2d1e95409d7c17ec6f271d8088593d9

SHA512
d7f7961c1f8782b543194c66dccf8d6b5fe48b7786457fbe79fe336437a71d92619d66206e7364e5be8c9a0859b9cfdb5d650676d694171e186512d2cab38adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\JSON\JSON.lmd

Filesize
220KB

MD5
88b5737462eb234926526237079354f0

SHA1
92edde7d067991318ddf64b6c9a095fa08163cf5

SHA256
d662c12b21d966f1e7682dcef6ac21eff9667186ba3613f8f842d6b035507d48

SHA512
f1e32608ea96db1f2a8c2bd556dbaf92f46c53aa3ef4c90cc459905002a45bb8c45227476fd78c2a5a80c0101125f43c972546092f0925f0e1cf6c0121ad00a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Plugins\LuaCom\LuaCom.lmd

Filesize
212KB

MD5
7be94c6696c5d184dfe165372d9d65db

SHA1
e957d642663a125ea4d8791913dad1d6316f57dc

SHA256
90fdd090cbd8206974a7288557586b5eb81405d8d69229cb78f6dfef3c668e41

SHA512
58cd71ed4f02396a0b2206ca0b7c2e058a3e18ba487cfec5a6b78c0dcd651e2f142dc783e953007b8fb218b58cd622da7e03810d5cef5c14327f2af064d6e4d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
2.7MB

MD5
b35d2fb1d9bac00b845acd45ed758fe9

SHA1
145bf1be1076b917d78e0a32e8c347f97741d03a

SHA256
fa1466a18197d69e6bf0e7e388ab2439781bfa51a8ebb891d2efa1b3c890abf6

SHA512
c964f080494e0a824027388651e77fe8ac4cf1544d1783e1b40ec10fcea49fd9b58df4fbc386ac6c2b16b4b52936686d127d6691640d17fe1d45cf7bb08a352f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\LauncherLibrary.dll

Filesize
34KB

MD5
578b82c6d8de2960b25a365869c5a4e5

SHA1
72488e43fc5d116787705b6fc9c9d79c730562b6

SHA256
2523362973f62a9ae766d8b36e8b8f825c9dc61c7e04fe7c653f8c53ab5e92f9

SHA512
326000d361b7dccb12ec9636266a51df37e731f85443ab74f27dcbf93e0557fda2d69aaa708bda87185285889185ca0a2d83f6efae137b8d2c030ec43d52fb14

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
5.1MB

MD5
fbdf06a19133699bcebd740b1ee182f9

SHA1
d87a0c5a487b09bd5a179fba697249f5250deec9

SHA256
18442a1f21d809f7377e5738499403d1f1aa00b5366df788c9fb7c1dfa066e0d

SHA512
ba82a58fc41d3e341e378e2b0a59064daa588b087484627a4f6545ffe3536ed2b7288edef0ebfd04e1ef9c9b12bdb394d72f0866a4390b58bf092d12b5e4f969

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
5.0MB

MD5
f954748b8f03c9fb4955c35025ed96d6

SHA1
8153213a89acdb24b27c528106d3411da180373e

SHA256
be6bcd14839212fe4ce1368f6622bb31431233811eb914e3946eb7d7449a0421

SHA512
0d5b362b55d6c63fdeea11e050ecc4fbc694232954154bce7efc91cbb567f3c198e2fd16ae1b872d9e02cf5fea33f9df3dfde2de97856805939b275cda26a0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
327KB

MD5
50f1d9f2093914c7712068608f3d66f2

SHA1
c38c655526b9ba929f01259cd35abb65744448f0

SHA256
ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

SHA512
07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\zula.ico

Filesize
164KB

MD5
d480ff567ce958d389dcad4bfc3a6959

SHA1
17480500037643aec0d716b63c686fd666bc6f9b

SHA256
430bb095f247258077c46479529174caec9a0fb620445a2ceaa3e3d7310f393f

SHA512
7aa8f05a0ace175d8801f191d5e03dd104d8c9f4e2d9d16105dc65cb948ac2f1b8b13f4545de580164dc8e7703297b1ce558942e499197f99733ba6da62bd6ec

Download Submit
memory/552-651-0x0000000003E40000-0x0000000003E7E000-memory.dmp

Filesize
248KB

Download
memory/552-656-0x00000000041A0000-0x00000000041D6000-memory.dmp

Filesize
216KB

Download