867e40fc8a8dd177826bf65429a99075e56736c7bdb643c66a7075b4911fda46

Resubmissions

12/05/2024, 14:36

240512-rykjladg46 3

12/05/2024, 13:41

240512-qzhwqaca72 6

Analysis

max time kernel
63s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

2.2MB
MD5

ea48c8b51bd0980d09c49fbb90aa5c66
SHA1

2e52354949a97bbcc10502b5293f2a2170fee0ec
SHA256

867e40fc8a8dd177826bf65429a99075e56736c7bdb643c66a7075b4911fda46
SHA512

0e3f826540d56c086ce9b0b20940218552e443df7efa089de2c5fa6dcb4f95a1a9079871dbc6d31cc76f401ac66004707d9e04a219b55e336b7cc8690fea12d7
SSDEEP

24576:X45EyTvyUhet2wDyzXQpWJZ4Nt3EnioGLNtpC1YYK7oTA+BaV8JMQNDUX9YWUI:I5t6UhKVDyHgt0HGLRZAacNDm9YWp

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	mspaint.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2972	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1456	mspaint.exe
1456	mspaint.exe
3520	chrome.exe
3520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2000	unregmp2.exe
Token: SeCreatePagefilePrivilege	2000	unregmp2.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1456	mspaint.exe
4784	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 4644	1084	wmplayer.exe	91
PID 1084 wrote to memory of 4644	1084	wmplayer.exe	91
PID 1084 wrote to memory of 4644	1084	wmplayer.exe	91
PID 1084 wrote to memory of 4740	1084	wmplayer.exe	92
PID 1084 wrote to memory of 4740	1084	wmplayer.exe	92
PID 1084 wrote to memory of 4740	1084	wmplayer.exe	92
PID 4740 wrote to memory of 2000	4740	unregmp2.exe	93
PID 4740 wrote to memory of 2000	4740	unregmp2.exe	93
PID 3520 wrote to memory of 4052	3520	chrome.exe	105
PID 3520 wrote to memory of 4052	3520	chrome.exe	105
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 804	3520	chrome.exe	106
PID 3520 wrote to memory of 3124	3520	chrome.exe	107
PID 3520 wrote to memory of 3124	3520	chrome.exe	107
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108
PID 3520 wrote to memory of 1904	3520	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
PID:2140

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
  2⤵
  PID:4644
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4740
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\WatchSplit.bat" "
1⤵
PID:4908

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\WatchSplit.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:2972

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ConnectJoin.jpe" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:2480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fffac13ab58,0x7fffac13ab68,0x7fffac13ab78
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:2
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3624 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1996,i,16901786661237654437,7608312825876626201,131072 /prefetch:8
  2⤵
  PID:5036

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4d8534fa98b22aa422ad55b1eb53bf21

SHA1
d5996dd4144ed80e4548d9750acc79fe64e97d40

SHA256
167fda0d4e8944a85e1083ad144bc273fcad3cea68842d597ab3fb7dbb98e6b7

SHA512
df58e9fdfaf8536c96b377c42361c89b87f3526acb9c5ed822a87ae9706f49cd6b5ecfd0ea77f21ecf15cc66dc7658696187054950c84ee122d8ce8f45048d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f47258a53c4c848bc97e65b5879cbe05

SHA1
d47d1ae51f91ef98a26ffcb545283d1eab015277

SHA256
81bd28b5284fafafbc4914e55790ee2531332c23b66c4c64702e795f09870867

SHA512
afbb06e9779be04cee04b78c4fa58beb453b55cad6582895c0005437bd7e5f1fc23aff8da4151a03d6061b6d7906fcecaf65f3396ff3f840bd590002d2b08a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4d48abc828ea77a5bb10395b198d7b7c

SHA1
151f58be0159596138bc97cbc3543cf658d82c33

SHA256
4a66ef067427a7caf8bfe39930d61cd7af4625b8bef4594ed47bd8c5b2cdd832

SHA512
c35e4c6155c578fc8385ae2102dd506c3d414b1a9c93db5e3e7122d35d6058fc64786c2253f9aa701d813196ff74084b9fd2506562e917d5014a816fb878f093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ab92c67d639a30c03bb6761dd7974a77

SHA1
01f0db7f0020024053b1932ebb996b8503bea0d3

SHA256
1d77c2b351e07aa4fe86a0e63584627c61ea9a3fccb09451a37bb99f241cbd79

SHA512
b8747f83fb733d63879c35101bdee1991837f585b6c29fcaffc729ce6ccbe48c897298e9dceb80e1e347726c034ea82c3a78884e2a5cb446643da26449146ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
6559d73ca074ef0c5062dd1417609774

SHA1
820d6bd0000cadeac4928305b2fb66b10438c02e

SHA256
af538ff95751c53783e9c72edead3d4f6af81ce89bc336339bd383bd93886468

SHA512
2259deaa806e74ba9ebe242a459b24b1d72a9d1b0022a5e41a2d36ca67ffbfdb4e0089c2d382266f4442504dddf59aceb86837299d395afe612d6dd92b7884ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
768KB

MD5
6a59e1d9c05ba517de6578aec7f1206b

SHA1
ff194c7326d3ccce1d7e3e1d1efc70497b718e5d

SHA256
e627c1f5749e17f4d8a3698e5e8099c6318b4d3cc6c7e043785cc296c3dd94be

SHA512
f895c3289469d177484f50cfe507707bd341747041d11105e2f1f9b6f54ffb4446d2e7550d86d68fa22df14731ecfac7f8c690b3d02fdc205214a813afa6de4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
52be8151835084d8c410432593ebcb4d

SHA1
fa3d3d4a191636d6a9d13a9569f5a56da8b87c68

SHA256
c782f70915df111bfc09761ce1609b0a15c060b0fa90457ce3163117356eeb3b

SHA512
2a00139d35e621562427399100e69dc8a4c55b28735c948e5256d3552cef8525b254c71a7710ee1947f2a1c270a9f2a411c41259da0d403d0a517b9d24fcdf5a

Download Submit
C:\Users\Admin\Desktop\ConnectJoin.jpe

Filesize
422KB

MD5
f8777530038f4c94271d6732d24c3265

SHA1
1601488a123aea2e05cd47bd51f2ae0ad94b0331

SHA256
e156256bbe3e93275d43dd77ce81d59d9b7863fafd208a331789b47e25f8142a

SHA512
8cb5d999d7999cf597021b4b5ea96f6910a6a1a8b09c4ec6c6dc69ae03b48c0ddb77df32b5201122e9acaebab8cf60a86936b7f1e5ef88c92ca967229d70d927

Download Submit
C:\Users\Admin\Desktop\WatchSplit.bat

Filesize
245KB

MD5
0b8acfd01e57d2b780670eab2a8e7d6a

SHA1
9da9dd790e00acaa51eaf35b118928401fd35e13

SHA256
b1cacf034f2147a17ff1422b3c7b8928010a31b5cf6545a1106f526b6722a8fe

SHA512
0c4764d5e90b4121af1b16b69f5e6c75895b0eb3e6b9fd4a2b9735984d7e187d9af00e79170832f92d2b63e332094041ea7ade03d4bc6cad55e2ccdffabba363

Download Submit
memory/2480-65-0x00000174E4DA0000-0x00000174E4DB0000-memory.dmp

Filesize
64KB

Download
memory/2480-80-0x00000174ED180000-0x00000174ED181000-memory.dmp

Filesize
4KB

Download
memory/2480-79-0x00000174ED180000-0x00000174ED181000-memory.dmp

Filesize
4KB

Download
memory/2480-77-0x00000174ED170000-0x00000174ED171000-memory.dmp

Filesize
4KB

Download
memory/2480-78-0x00000174ED170000-0x00000174ED171000-memory.dmp

Filesize
4KB

Download
memory/2480-76-0x00000174ED0E0000-0x00000174ED0E1000-memory.dmp

Filesize
4KB

Download
memory/2480-74-0x00000174ED0E0000-0x00000174ED0E1000-memory.dmp

Filesize
4KB

Download
memory/2480-72-0x00000174ED060000-0x00000174ED061000-memory.dmp

Filesize
4KB

Download
memory/2480-61-0x00000174E4D60000-0x00000174E4D70000-memory.dmp

Filesize
64KB

Download