4c5dd2c46e739b404b9cc34cde0a025479eb1156daae2325fe3fb94d4e66dd61

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qqzychess1.5.exe
Size

3.3MB
MD5

07641055f58ce414102925f82fc2b241
SHA1

fb5976ad29b167e7b565f641c57b6caa959d065a
SHA256

7f307d5d2fb00add886e95673f3712d7cb8d4415d132f30cf167c2276a73afad
SHA512

90dc86dfe57f25e83f8a5c7054da35d16c004885551ad29fea6d7eb4a4dbe413c5a8a3fcd12f6abfd27cd8543577005aa979aa85dbbdecfd68812e4048e20cb3
SSDEEP

98304:vdVkZ94WmfuhUdO4wjYBLryyoMSiIbZn3TgFsrFql:1kkmU44wmLaMSiURpql

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3988	qqzychess1.5.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023223-235.dat	upx
behavioral2/files/0x0007000000023224-241.dat	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	qqzychess1.5.exe
File opened (read-only)	\??\B:	qqzychess1.5.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\VB6STKIT.DLL	qqzychess1.5.exe
File opened for modification	C:\Windows\SysWOW64\VB6STKIT.DLL	qqzychess1.5.exe

Drops file in Program Files directory 34 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\freechess.dat	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_800_600_16.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\QQChess.exe	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\BOOK.DAT	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_800_600_16.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\QQChess.exe	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\wpsdls.8824.37.exe	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\freechess.dat	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_1024_768_32.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\QQchess.ico	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\QQchess.ico	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\bind_8134.exe	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\sogoutb_setup_pp365sosoft18_mini.exe	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\Hand.ico	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\sogoutb_setup_pp365sosoft18_mini.exe	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\×ÔÓÉÆåÍõÊ¹ÓÃËµÃ÷.txt	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_1024_768_16.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_1024_768_32.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_1024_768_16.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_1024_768_16.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_1024_768_32.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_800_600_16.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_800_600_32.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\wpsdls.8824.37.exe	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\BOOK.DAT	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_1024_768_32.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_800_600_32.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_800_600_16.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_800_600_32.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\Hand.ico	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\×ÔÓÉÆåÍõÊ¹ÓÃËµÃ÷.txt	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_1024_768_16.xml	qqzychess1.5.exe
File created	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_800_600_32.xml	qqzychess1.5.exe
File opened for modification	C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\bind_8134.exe	qqzychess1.5.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	qqzychess1.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	qqzychess1.5.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	qqzychess1.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	qqzychess1.5.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	qqzychess1.5.exe
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	qqzychess1.5.exe

C:\Users\Admin\AppData\Local\Temp\qqzychess1.5.exe
"C:\Users\Admin\AppData\Local\Temp\qqzychess1.5.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:3988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\BOOK.DAT

Filesize
1.6MB

MD5
6a403b6af3d08fd857881d2e43b9dbc4

SHA1
46f22430f443f149f7a370b337bac318ada871f8

SHA256
d97e0f9c7d4d0012b09db65212efc6fa544dc314125e28862e0a524bdfa60570

SHA512
4ee56bc0fe174599f8f3c8149fde0aa12d970dc2bc7638d3c3d59059d1b486d274c94e6e56047660357231c31f9b02c53e683413a528b89b7c7c4431f1191d73

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\Hand.ico

Filesize
326B

MD5
36af4bd3e963bb6d681c3e043c06f504

SHA1
7a1c7a8646f6e47f38dfdd3874ca90c05d52507c

SHA256
87bfef52971132ff30f7713898a8e729e6f54976eff957e47507f14469455976

SHA512
6a6a4780b82b5539c6abad1dbd94c562e0e67250639649acbb2079963af8e740a6fd02e5717b61d4b21c5c06d16055e2cb55c052281be4fb706ab625ca8d21c8

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\QQchess.ico

Filesize
26KB

MD5
bac8ea9db3e69a070afaee8c3c4be8bd

SHA1
4a33da64064df74b736e70681e1053db91582cd4

SHA256
76a72b4019ddbbd0b9de064628ca8192e31a25685a999f1411dc6042eeb9f29a

SHA512
35d0095f675e3324fcc782b3522176a55a8128b9215d63e08d8d68932d3870e4e05ba39a407f87f8de1861915a14654e02ff7916bc9d06a81bccc43fe3322b4a

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\bind_8134.exe

Filesize
48KB

MD5
1d10d5969a37ecc2dfa60ada66a13513

SHA1
d7282609636b0835fd8a8981586ea59fb9fbf9df

SHA256
748190035eec74d824400dc4ee0a1e0317349036a5a71aa5323a965fae0bd716

SHA512
aedda18d58f3b00679770cb0ff3033c20092a50fd0bed05c55988d6b075269d6a94fb7bbb0816d22855296ba1e8d0ddfc485c23c73a81f75c4e305e519bfe4b1

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_1024_768_16.xml

Filesize
45KB

MD5
8ce1df7b74c0a3d6695efe8782755fec

SHA1
0d437b83dd5dcdfb1802890dfe698956e2eae047

SHA256
cea7093f4fbee2e0ceeacec2e271ac18621b7b350ac989f6540501abe6948e25

SHA512
8eab6d9ac1e300fecccb7a255fa4256527b0bdeabf69a4ceec43cc2ce0936ab9cf68b9d61a7d4aa92fb06fc17539db13ed51cedff356f67501c2a35aad530b77

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_1024_768_32.xml

Filesize
46KB

MD5
b22bf6737666e680cd212febb8857350

SHA1
23419740dec2498e67667c7382889ce14a6e706d

SHA256
720c1497565691ad26c05801cdeeb078347f458cfbbbbbe17a3cdc21529aac9d

SHA512
0e68cf3f13bb028c1a0f2acc6e64cb26674b2b1973401a9a15a02b81ab959d81780b40306cd747194376585f91343e0a65ada5730d9067c145fc1e5cd9ae277d

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_800_600_16.xml

Filesize
45KB

MD5
db0e4e68a1d0b6ae1931725cd36af672

SHA1
f45047c8ed08ed2bdc3af7ae8bce72812bedbf68

SHA256
ce9c187239adb8f5eca02239744d522fa8210fbb7bf97a7a854b09c827cf8da1

SHA512
cdfdfa3dab16f644dbc97e0c8850be3f7f97357f5268f4dfd7081d30b6e3e3352a4af166465f9bb6a58c20e7db5ec8218ba349c5c846ab6632461ae77a3e1450

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqnew_800_600_32.xml

Filesize
46KB

MD5
61976688ba839fd4db12fdc53e5ce4d2

SHA1
4ec042a26dae337105930d15a0a77a0e5ebbdfb4

SHA256
a80fd5db84f661cbb9dfb40d88d0769f60c263cfdee40a06c43fe00204a619fa

SHA512
8f8e93875cf3c24bdd65dd883c1be739f8ece495014f614b35833051415002595e3f27470d7c044838c0a9ea5d469f0c9da3c45f32834cb3e80ddbdb0d874efa

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_1024_768_16.xml

Filesize
47KB

MD5
a6bac4bea0336f9aa31c2efb43480dd8

SHA1
e550add526d9c48ffa582870719bdff330b1a3d5

SHA256
681ce26393ddd16e418fdfda1c5d2e4b37abc5b91f2921ce2aa74f922cec3f53

SHA512
2cc6eaa87b2f2ca7f020244c82b0c005e4a5c0d7e322e9b3c411c5879aa5ad683c168e37dfe10e088e67ec5872cac5d393e0e6b3318eff1b1e13449ddc8259fc

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_1024_768_32.xml

Filesize
47KB

MD5
bd0b8da44efccc9f8f65db6266526672

SHA1
597a6e06752f14aa824d31919994cc1394094439

SHA256
401d4725ca29dcee185024d7e3aaf6e13565c306a3994268167d409f92a64f0a

SHA512
8f59946bb0e5da019452cb847b90a42f2aae9ce703a2991512085187a788f8125dbcddf53e9c95860ec58234ed7b4f9ada4b1e5ff9d3a3a431991850041cb16e

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\qqold_800_600_16.xml

Filesize
47KB

MD5
34b4e692ef325572052cde4398edef6e

SHA1
1cb18dcfcfd3fb0ec09470e0f8aa82ffabd97029

SHA256
6d3176c2329ff0e4a14c19c107f8fc5556c02f86a05ca657907be7b3730abeff

SHA512
18259713bfab512d622a32c68b0d8efe72561a83e9fdd8456a544d7c117d7e9ed7c418a3f0bc9782eba4f1ac12744a7822f8764506e841a4bff53277e266370f

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\sogoutb_setup_pp365sosoft18_mini.exe

Filesize
281KB

MD5
194d0098b1b7c123ad782613d2af359a

SHA1
c99c812abfc2f08e8017d77b8f761262173f1b9f

SHA256
05cb280095b94315a446f74cccd8af3b2ce53b674d6d9025806fe660a1cc0f4d

SHA512
25432e7f63f6a1f3d3d3329e914b50299de047c45cdf25a60da7eb8ac49b38cde6c69aaf98aa52975b8467efcab1841bcef61997bfc5ea84e25a16c964217ba1

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\wpsdls.8824.37.exe

Filesize
232KB

MD5
99e6662b4f2abfa53937cd54207b8e06

SHA1
67d0087a36afda2cc282ce053037b137b48f317e

SHA256
04115b0c94d043af4d3d00980569aea2c43cd3f3e68ff29663a1d87fc3d7411d

SHA512
84df1dcb356c5ab1ea2a068863bd1a680cc1f3c56604a8ddb3f0c364d7750368c83ef91f9a08a277a477b7aabd286aaecf852b627bc5cc8e9d60d609eaa9fdc3

Download Submit
C:\Program Files (x86)\×ÔÓÉ¿Õ¼ä¹¤×÷ÊÒ\×ÔÓÉÆåÍõQQÏóÆåÖúÊÖ\×ÔÓÉÆåÍõÊ¹ÓÃËµÃ÷.txt

Filesize
1KB

MD5
b51dbfdf5434a15ceec0f6678ff1d7c5

SHA1
4d2a98f1b4eca33f108c3cd198047b342f02be78

SHA256
9ab61bc7a580e3e5daa890e5099598560b1bbaaef53f837a2540809fa3788748

SHA512
ef47b83420934d2ffd38e2c59170d57e17f3dd41f0211616fb1a91ea856b653144b5194215bde0f46165dbf59c413c306ae95cb8e4cea09e3a1d94cfcf943269

Download Submit
C:\Users\Admin\AppData\Local\Temp\~vis0000\English.vlg

Filesize
10KB

MD5
0e36eb1ce14a3391a8073c6b22766908

SHA1
74b4f58d5a0b97b5226e41186bf00cb1493b991a

SHA256
9d4b233201a2d0e22e3762e8a269ff8742c2097d6cfcf707e01fc7f0bbbcb951

SHA512
2b708e24a5a0bc99d282c3465796e121421eb43c18295496291c3e21747fbd3de98250d0dc41d45950eeb7684dea6381ff37e8e2ab90228e7f27f87e86c9fe06

Download Submit
C:\Users\Admin\AppData\Local\Temp\~vis0000\QQChess.exe

Filesize
428KB

MD5
7b0f429df3dcac3f5656a3945b78c9bb

SHA1
f02dc1ed18460887810bf6cacc1cc009193164c8

SHA256
bddcb85c3cfe7c11b6430e68dff2f14c3d1eb9d607e084f50a3f981cded2c756

SHA512
b46aa377714dc96e8e9a09e0e8db512ca8de03b5bcaca1c805f3c38a77d4ea907fff079158dceab5d297a28d30d952084eb94ea3d69a7870f69d3fe4aa4fd47a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~vis0000\default.bmp

Filesize
18KB

MD5
f372b11ff99bffed4cd279c0155adede

SHA1
89cbf60925076e9a14fd48b13790422b43a5b989

SHA256
d9d5e28eb445e7986bdef4d409868af205d525f2f0729427dfe3e33a7251b15d

SHA512
e902f0d7ff0e2af64ce3e8ae6d704ec21b04b35ac3f25a9acd53938b3b66fbaa02b25e816202f165e2d7339b62d2cd6fe9f764d64eefd5b24d1a108cb4b2679f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~vis0000\freechess.dat

Filesize
80KB

MD5
0845b969fa366b3c5993c7af3161f02f

SHA1
1a2012c38f132fe6cd4e5565637ee3ad7f2a5fd5

SHA256
75e7a88a0df19fccbbe04b94a8811b9d7af0d4ef9f2666cf34d09c56ce137e82

SHA512
482242175f3d7c4950ed1c1bb7f568d60a264d548b5da74f5f30e5539582a3573ebb265d6665b47fc0ff54d875cd6e7071ada9680fd85614a3c5cf83348d18fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\~vis0000\qqold_800_600_32.xml

Filesize
47KB

MD5
9e8f5a3869736b2fbb9d8c354306d74c

SHA1
bd871e2afcb06d2ed0e42483c57bdb182cf11372

SHA256
648bab53e65f9fec4a755e3b9b450f82ad0e16c3dbdcebce389a3d66a606a49f

SHA512
3b8a812d95a480bfe4ae54e37d84d0e377d3b62b2dcd475fffa14de5dfcadaf96feb3cfd24ee928105c107b6c8e8b598d6c98a4e89d552572cc0b5994c019ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\~vis0000\vise32ex.dll

Filesize
500KB

MD5
2c93e8c9854cf42d621b2eb05c420cb4

SHA1
515e440f64a141d6f82bb8a81a2f82a826f0ffc2

SHA256
27170b52d5d6887824aef79ca546c9eca7755cf2eb632b1129302028c99aa7aa

SHA512
420e45169a352d0575a9d1b1ab341b51ecf2be537ccf404d6ca02f24e0084591c5b200ed70842eec9eff7188c8d893c9303d283e8d4c131d96d05f3dab8df40a

Download Submit
C:\Windows\SysWOW64\VB6STKIT.DLL

Filesize
100KB

MD5
737be44c23baf9c094c46ff7d4e848c7

SHA1
08826635b8efc67725737738a477fc9aa2f594d0

SHA256
6fc6ce013a693fa291a07004adb3971774f420235e78f174d59de8e881f23530

SHA512
f147c3f6bc874eaf714d817a09556929129cbbc4c5ab0e89796aba07d876b90f01145d759e4a68d79429a673d0bb9297dba4382500515349da76d5e464f5c439

Download Submit