5699b2e12f78b7eeca0633c6a5a93effe7187565eccd7668acccf93c61ab7acb

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SOCIAL CREDIT TEST.exe
Size

19.7MB
MD5

80c506da3df5e4580c06c48162bccbea
SHA1

43fbccf50f91cd8e1190869b0edc96d920519c14
SHA256

5699b2e12f78b7eeca0633c6a5a93effe7187565eccd7668acccf93c61ab7acb
SHA512

f4a424bf758bb48da944701397ac1e82bb72a15ea4e8818535f2e52199d37e9caf4361303fee4bd9d6db528e1c0171d1612aebc5f636ca9c4ee4fd795432b8c5
SSDEEP

393216:AZwsO1LNrFRdcQ87fxa3JxLCQi2LXe+FRdcQ87fxa3JmZRNIcgi:8O1xrFRdT8zaJp9Py+FRdT8zaJUaDi

Score

10^/10

bootkit evasion persistence trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	SOCIAL CREDIT TEST.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	SOCIAL CREDIT TEST.exe

Disables Task Manager via registry modification
evasion

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.exe	SOCIAL CREDIT TEST.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.exe	SOCIAL CREDIT TEST.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SOCIAL CREDIT TEST.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	SOCIAL CREDIT TEST.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	SOCIAL CREDIT TEST.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\xina.exe	SOCIAL CREDIT TEST.exe
File opened for modification	C:\Windows\xina.exe	SOCIAL CREDIT TEST.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 3 IoCs

evasion

pid	Process
284	taskkill.exe
2904	taskkill.exe
1656	taskkill.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	284	taskkill.exe
Token: SeDebugPrivilege	2248	SOCIAL CREDIT TEST.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeShutdownPrivilege	1544	explorer.exe
Token: SeDebugPrivilege	2904	taskkill.exe
Token: SeDebugPrivilege	1656	taskkill.exe
Token: SeDebugPrivilege	2248	SOCIAL CREDIT TEST.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe
2248	SOCIAL CREDIT TEST.exe

Suspicious use of SendNotifyMessage 21 IoCs

pid	Process
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe
1544	explorer.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 284	2248	SOCIAL CREDIT TEST.exe	28
PID 2248 wrote to memory of 284	2248	SOCIAL CREDIT TEST.exe	28
PID 2248 wrote to memory of 284	2248	SOCIAL CREDIT TEST.exe	28
PID 2248 wrote to memory of 1544	2248	SOCIAL CREDIT TEST.exe	31
PID 2248 wrote to memory of 1544	2248	SOCIAL CREDIT TEST.exe	31
PID 2248 wrote to memory of 1544	2248	SOCIAL CREDIT TEST.exe	31
PID 2248 wrote to memory of 2904	2248	SOCIAL CREDIT TEST.exe	33
PID 2248 wrote to memory of 2904	2248	SOCIAL CREDIT TEST.exe	33
PID 2248 wrote to memory of 2904	2248	SOCIAL CREDIT TEST.exe	33
PID 2248 wrote to memory of 1656	2248	SOCIAL CREDIT TEST.exe	35
PID 2248 wrote to memory of 1656	2248	SOCIAL CREDIT TEST.exe	35
PID 2248 wrote to memory of 1656	2248	SOCIAL CREDIT TEST.exe	35

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken = "1"	SOCIAL CREDIT TEST.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	SOCIAL CREDIT TEST.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SOCIAL CREDIT TEST.exe
"C:\Users\Admin\AppData\Local\Temp\SOCIAL CREDIT TEST.exe"
1⤵
- UAC bypass
- Disables RegEdit via registry modification
- Drops startup file
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2248
- C:\Windows\System32\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:284
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  - Modifies Installed Components in the registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1544
- C:\Windows\System32\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2904
- C:\Windows\System32\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.exe

Filesize
16KB

MD5
12b162b0c010fcc23fa43b03cbb76509

SHA1
a696c6b6d5c0216b3eddf8dd4eb2a269abe19d00

SHA256
6be68911f16ec9283da61ce222d946c9e8e5ea39d71ad9d23216b4961947d180

SHA512
f983d2a19c18574cd09c1be30f44a6c8b586bfc74341367f6dfab26a6c7440f73e7ba252e66d1ed5fa6af5a78dd3f69de3909a369fe08ad78ca1e539eaa036c4

Download Submit
C:\alarm.wav

Filesize
60KB

MD5
84b81f71beda7afeded4085a84808465

SHA1
7199bd12cc0ef1f77fcaaba8b3ea5645ab388dce

SHA256
0884ecdc6f9a9ce52f67f6fdeaf02d579b2d7a1c7cf14d20d77c2906e41196a9

SHA512
698bdbc47b061ad37982195a16930caeaccda52f95f9c0d4ed33653590023eda6a2c3f110ea2112aaa67c99ed588d9117797aedd9298b36b37e78dcc5c74a5ae

Download Submit
C:\amogas.wav

Filesize
27KB

MD5
7c96d6b14ab956a856d47e87c4be4553

SHA1
a4626ab555204ae9221547b539fe9fe8b21cf500

SHA256
3e6482553b51c3bf6d419f8333647f59762240861c79f166d1995fc59eb189b4

SHA512
aef86dfb77cce4064a634f3b1accdebb3c066e6d9fc966538df80b2c0d948a017b1af1bd34d93d525f907bb983504544d541ae1a1f074caabaea55d71b4f3f3c

Download Submit
C:\amogus.wav

Filesize
32KB

MD5
c30df0f1ba8d92eccb020946a107c7fe

SHA1
fe95d0b0246a4ecc25fc89ee7102647e12c1dcb5

SHA256
3d6d12cadb2ef6fe5b2a03d15964512bc32895e338c2da25ae2cb07bcb31deae

SHA512
624aebee4d918c8eed1716d17829a36104eb5aeb2d23be021e61f9d8e59a6aeb7215c14365ac081fa2f820e561aa108be25640d1634983dff7ca8ebd4dbd6a45

Download Submit
C:\amogus_icon.ico

Filesize
42KB

MD5
43042269818924374a29891d79cb676b

SHA1
f34ef8a688e15efa9c0117816a617892a2730bb8

SHA256
77aa5f8536b9c30133f8083712b2d5434123d31a6ed41f0680fce52e06144187

SHA512
09cefcf48c1ebd4d5593d6d4f6973ff39330d23cf606da54bf79eeecd355842c675bd530b4e43d19b3dcc3fa6f4539d5d161ca423347197d6b319c17abab0e31

Download Submit
C:\avocado_icon.ico

Filesize
80KB

MD5
6d362a3e515cc18d537f74fca1f75293

SHA1
99a5b363ac274e027530fa7a532a007b0e6c56f3

SHA256
c87dc1a91720070afe96d3be716d6203540da4d08e9d2339967a8a2a6a521d42

SHA512
896ac439ff7ff58b33413fd978bee25afffd9f4b2a8183ad63db861b92c7118bad0b845ccd85390c8b8a76ba57f6a6fb7d0ad3970bdb0a28fb9f2ed718979821

Download Submit
C:\backg.jpg

Filesize
74KB

MD5
aa8212e3f48d35711f219cd9bf1265ab

SHA1
a3b17cc5311f23cc2db204f5b7081cd7d170094d

SHA256
ddc65eb885e5f89406a0b9ec5d23b0bf041ef9c15b689ddf6b855c9a62132200

SHA512
1d15ea1e09dae7d5c2b507f26dff3c052888deb7e5f8d17f5baac1c76a15cc2b0f11b470d855213ba17c03b32856e921b36c8acc6a32e9ff1ab9c04dc4ccf261

Download Submit
C:\bass_imposta_sound.wav

Filesize
149KB

MD5
f6d67bd69fe398b2c5238fa4c9d6455a

SHA1
a8c7dfb2cd54dd46f2eb1e2fe6a19bdf40c47e44

SHA256
3ad823c535650fcba2de953fb2ce6fc46afeb04e529494e6b60b788cb28ddc32

SHA512
63e0e262338850ffe35929af320d17eb850efa046f860ca4fdb93518dbeeb2fe9ab3d4d13305c6d1f5c9fe78b42615ac0794d160b66fad5e3a30309dfed117e8

Download Submit
C:\ben_icon.ico

Filesize
109KB

MD5
35ed09899d21d2f9806e5c4eb1411324

SHA1
5afa7972868a84f4e49d65f149aa09dda07870d2

SHA256
66775b29fdbd36e7ea15b038224a12271fe84b0e1129b11dec008af1dec986b3

SHA512
625d060ab49f371a9416315f85f6c01874cc19bfd5a4fb9b0a84287f1af0411695623e4176e62afa6623b16339b4c603f6a2179fe00ef505fdcd97e2b36cf820

Download Submit
C:\bom.wav

Filesize
37KB

MD5
1c782f17124b6eea9619acc46fc165a4

SHA1
aa22fe4a52723cf2ec83af3b478531c83ac1c589

SHA256
9f1c04f4d37d995f9f6cdb7751be399468c275f91c35f30bdb45ff9ff31190eb

SHA512
2b63129054cffd9037963f9e42c46c489e697f81109f8465c9cf3915894f143ffa444e9fb1bef195111ea915f36b51f08246b5ddc7ae5763d056bd0c8b0a7921

Download Submit
C:\dad_icon.ico

Filesize
91KB

MD5
8883262af502c220932bbc50979391ca

SHA1
0be9ff95e86e798493f5f067a6dd3ddec9ed6832

SHA256
f500586d27d938ebfc965c59cdc42e361b78bc41246d52a075bc278271c96fc6

SHA512
ca78bd4cbf199ac1ec91058e48f357b3dae908a5bc06eba132ad9e143d5791d11e04462a96bf836999dd412ff0d9f37d06243c8b944f84ec354a3fb223b1d076

Download Submit
C:\fart.wav

Filesize
38KB

MD5
e87a6a5fe2591cb8c7a88c0bd4cc8d3c

SHA1
75c4ca221b2f4782709f16230059bf8413de13b9

SHA256
840bbecc0e95ca503740df9ac0ac944303c4a4c5f163a3eb4d4aea329629371c

SHA512
2fce9c3827b0d16828175f8ac86029f615614ad0f147c95842113824d8177e2919cd0e09d67b9723396d259dea99e3b465b7a83972a8f1d344925cd8c14f0605

Download Submit
C:\fnaf.wav

Filesize
142KB

MD5
a91d1592b7e50f377e7d173951c58178

SHA1
ba8c41495c9209b17b2538bc991a537f3493ebb1

SHA256
65c3102f1a750db1921c3c28064f94f1b53aec88852b874810cefc6a74f402c4

SHA512
8cac33c4b2964fd87ce396e519a894c6674f123e4c2f3642e358dba59ab64a17c110aa74363fca1436fc325f0a986ffdfe94c161fdeae30e425648576a8be1db

Download Submit
C:\guy_icon.ico

Filesize
81KB

MD5
caf2b6d49aae9303b222fdd06b91f10a

SHA1
12b967bd3aafa465c228551a7cb2d70f8b9f972e

SHA256
2b670bfb2029e8f023f13180780c648f606bb91fd5854e45e08c27bad2f4e1b8

SHA512
0eb51b3e222c4843fb3d79bddfd04faf41135845f1d20a320be84f076289be9890624cb34b73bf4093b2ddbb8d48ff409deeec5aaf3b10216204a24da4c2f92d

Download Submit
C:\hell_no.wav

Filesize
77KB

MD5
22aa4efefa11404c5656516f4f257a59

SHA1
2b7476f4fc38d51303dc78dcdef4577ea59efa09

SHA256
88f4e80980753871fe322f8dda83e72900cca29961efdf25bd119b259a57d05e

SHA512
167d77f6f5aeb19fc98b6dc969f8ea91906aa23f5771b3f764884a685acbea5fa545486e72daf79decfa86265e6718a0d5e95c6f9c01bbc14a5c6b7c0ad2380f

Download Submit
C:\obama_icon.ico

Filesize
91KB

MD5
f89f675153effeea979e32716d1dcac8

SHA1
84780277f79505ccf920d13391726741e127a79d

SHA256
99232a1b8d11825ccdc89ad8a9e095c6a1c36731836c17207ec5f45cfc0270f7

SHA512
8c447c5a226a127cb671eac033bc7db370a5dd47aeed7e46fcbd112684bcbff300827292c8bd87aee6f21bff887c4c04b7620b3bc22a3b6bd3b6843678083fff

Download Submit
C:\omg.wav

Filesize
51KB

MD5
4f0ad7516cd72bc8e78452edbfb7675b

SHA1
fdaf974becd0d3d66eb580df0e4beaf048ef22b4

SHA256
654700adddf4f3b7f18f08d3d7ba2df035a026fd38b86f700b950d4ce4cc0cfe

SHA512
d973a212cb46199bfbb938edd724e187f52d273eb92f0f32390f6b8c269886d55a2009545a3b46d456eb8a42f1c76e4956bfde803898d053e2164aa58a92f584

Download Submit
C:\rock.wav

Filesize
35KB

MD5
2483ba5ed0b989e311c585760c624055

SHA1
e4a793b783beb97a94d04c2e2795f02aced64d14

SHA256
651ab26c519b7a0ac97e0adc3c452efbc9233f695f5ae0bb70d42d5b3e37cac5

SHA512
a37554d540383958614fbd898dd7435476480b4c7aa83b9191f626567c1835f338ec35c4799fa544d9cc0bc2aa7b2139ec929f26bffb4fc0424c10c09b8a72b1

Download Submit
C:\rock_eyebrow_icon.ico

Filesize
56KB

MD5
56afb11ebd7367af4c03b065ef3580f3

SHA1
4f30fbf3d5c0469533c1b33b98aa612e6704c14b

SHA256
da6e60fa7d074a5b8a90e3ebe53ed1c01661423ec0ec1ff154857bcef14ecff7

SHA512
eef0e1be7dfde83f546d36f41a6339ce17d5c7153da3f3d003838c333884458697b2d156abf9c119f4786d4d53f08563b79d17c0c3e316dabfa519db145e32c4

Download Submit
C:\scream.wav

Filesize
53KB

MD5
2d714bed0f2a11e2daba10305c667e93

SHA1
20af1afd4f3283cd142904a285b6471b119f8079

SHA256
a65f7847e0c4ec164b204cb5abb90a4b58cacc4c957f0749b52c7130094b860d

SHA512
da26fb5aba9377c746993daf6ffbe3df60db4ce0992058b7d70a1a26398f9014a7c111775e1acfe26526500a90daaacf805dda3b8a7cce87c36b60f641fd0119

Download Submit
C:\skream_icon.ico

Filesize
52KB

MD5
21a8888b16b257c094fd38d09612fc48

SHA1
9ce7e89da63c663987c9624a845144a4fecc3e72

SHA256
e1e71925f5169df514d0c196f41fe91ae1419426ed28422aea78ab85b4dafbc4

SHA512
cc554f7180b8f79de7ee6278b19fe8a4331ab9caa5cd980caf66eeed973a3577b56dfb57e4c0797d7987ce55ff8ab305a9a51b27568ae0fb9414498d3c494af2

Download Submit
C:\speedrunner_icon.ico

Filesize
66KB

MD5
a0bd05bdf6641d55fff217fc45b6e7a4

SHA1
9c4f824bda8ec17d0c23fbe50cd8f6c55d5784e3

SHA256
c34b87c2f0454d80f7b1989e80eb5b6ca04052c16f94ce294f15a0053cc76ce2

SHA512
bdecd28c096925852936f0aa96a406596a3d60bbff51ac1e12d9241f4c7552630bf12aeb73cfed8cf8afc916cad90d4e6d23e5eafea6e14f73b73ced4992bad3

Download Submit
C:\sussybaka.wav

Filesize
38KB

MD5
8853da13437c21bd8c8b131dacd73d4f

SHA1
844f143af3aab36ce1cee355eb7e7c5a4ba67f4a

SHA256
7616c3dc3ef9a7a6d08a54a5e955b33f001647f0821c29b92b022c044226e480

SHA512
31a3989fddbffbb8e6979bf3e855eb13ba97146cc1cee4ab6f939cf002e0a2e698a12383f0f2a8d3d6aab437da9bac7e641189565a7ced1d2c5ae1a8f149cf30

Download Submit
C:\the_wok_icon.ico

Filesize
68KB

MD5
8e1462f2d993e1bd6fd00268623abece

SHA1
67367e20f64d32ab8d1840dedd91d686ac989952

SHA256
ac084f24272a89b616e21add98739a7c4dc55830e6c7ac8fff74a9d495eef4c5

SHA512
9184a8a87c2b5ec222df4d51a940977b2ec784c634ca66e5d11a46d35ef1a38162b6e1090e1df364eaef3fc1313a39a989a803c2ace603e90fb4473ec9105ace

Download Submit
C:\theme.wav

Filesize
2.7MB

MD5
e4f642067670a4001d31ffb18f481f96

SHA1
538336f1beed8f74a0913454265cbcce4822c4e4

SHA256
5b41d14436cdd8e5467be6a1705daa108c428176c9fa4f9c74bd88cd4b703960

SHA512
5b7e27540c1bcd579d633597de005b7cb6a91f2dc8a6849c23b16a1fcc942688cd59ef0b0422a2832a2c84b6517e9debd87c5a1e9a57521837dc1c18ffe4a59c

Download Submit
C:\ustupid.wav

Filesize
20KB

MD5
afc635b14cc1d36ce347aa3ad423bcde

SHA1
306b78de47455914a0550229035516b951e638c5

SHA256
80d9439a20f9f0b09bfb6b7b71a84bd9875c2363141b323522ab0473df90c0b5

SHA512
ce4b43b1b876b741d312a045fede59c4b1287f084a4fd0a1929aa8e6da3820450f25ae9436d48885e30908201e6a82cd3ad7e8e9d92b16aa68aa1e0b37366d40

Download Submit
C:\ustupid_icon.ico

Filesize
59KB

MD5
6e3e6e1a0f01c0168c7b1fcb4e63a89d

SHA1
785688b7caa8f28583e417a651517b721405d835

SHA256
b856abc28d3d026fbe327376bbd72f7a169012bc987d59dc9fe600e9714ff634

SHA512
d2038420bb997ff0d97561ff8b167822de36fa1f924962abed0f29b3c8b2ef7bf9a9f52311738d498b894cfd7d488ee0a1741150e45782e555028483bb1ecc99

Download Submit
C:\walt_icon.ico

Filesize
113KB

MD5
fa516d1d0fce7db4dfa81e73cf74e917

SHA1
ecbb4b0ab88b6c7574279693bda9a7cfd0a2d9c0

SHA256
335b92e10ea035e1061ab8d44d02472d2db80a838eae63900b9d02ab9483c4af

SHA512
f9adda2c53121fbe6a0c42582f2af6d19dc8225f9422a2163210153bd5bc458cd4fadb1d97085fadc658b45557ddc3650ca96d68764241a153c70b68569dec8f

Download Submit
C:\whatdadogdoing.wav

Filesize
34KB

MD5
a55dee0b6901e6cc5dee3ee6db227b41

SHA1
914b3ff1faa2a3009b13044ba08f08a71f2f3f20

SHA256
6fd47a0e90adba6e9560ba5fbbc162b346b528aba268300f560d5a144924bd9f

SHA512
ecbd6e493df019e3045a420e0aa6235fdee1d1e97e455370e29ee7563e7c25f9d75afa9b7c1c9d8e2693e90e1271811dbe88072ba8ec4e93cf23d08cdba0f4b5

Download Submit
C:\whenimpostaissus_icon.ico

Filesize
89KB

MD5
57a21de76111fd67dd32bbf5b8cbbe8f

SHA1
127d6c20da0234ac8bc9dd65391fcfd695185274

SHA256
8a5f22591d81c5ce727cab12fa380c3331fd9a3118a69667bd21b8ed9d6bb96f

SHA512
4177b17475c7dff84fa577077d844e27af7d8dafba7f6beacc1b45174d4df2ae88f242529dfbd5f6e5b80bbc5ceb949ba0fcd2c3c7065dcf32226b0e9da85629

Download Submit
C:\xina10_icon.ico

Filesize
34KB

MD5
312462041a762b3ca42e106dd23c77ef

SHA1
199e0d9650f70bc9d4aceb95da7d7200668dddde

SHA256
df0e53d5be9ecf641313960c107ab41bce93c8cf4849d006077e33a424cb15c5

SHA512
4d57c6b4659ededbecb127a9676f6cc64644cc270e33ceabe469e84c2a1b38981134aafb8f1d1e53cd0d6cc1f22f08fa3bd7e8568e8f1d907efd4bd07b51f790

Download Submit
C:\xina11_icon.ico

Filesize
34KB

MD5
a6a4e4e3398f437cd4d431d85e9d54a8

SHA1
4afca6d917412205203b9498fd1fde26a926b7af

SHA256
03f9584495fef61a2f54a0f0cc469f26f25f35394be48b5d954d449ca37bc784

SHA512
2ef129c544c12373b8eb06160450ec4c925d2b3075d1f7925859c4a0f184911dda59b6687944b7fc086276b3966e1111535e4e859b3f3715078e1e68dfe6ac2b

Download Submit
C:\xina12_icon.ico

Filesize
33KB

MD5
813e47eaed5990689d0d53815c68d29f

SHA1
a20cf1de1b653e7267c5dd134db2207fb1150e3d

SHA256
710b492db43e192fdf281d9d5ae58a06500b506694ce4685c64d413188c4b245

SHA512
9aa5898a1e6942e41d7cf2ccb9dfb96a0b12c4d148d24a9ec8b9f5bf608bdc0312fdfd97c779a73ea81dcb9ce7df06941efd2a0841b2afc6b439528ec0f84fa5

Download Submit
C:\xina13_icon.ico

Filesize
33KB

MD5
fafd6d2d4a64f53220994bd4bbb9de94

SHA1
05d90ef5327c3ec114d0a36cb29927ca4796e5b7

SHA256
a8cac8b5521a9ff85faa0999ed21af3669c57a9cf51eb14760c001305c44c195

SHA512
64cc77861e5a3679cf2f323ecd673805aa6df266e720d4e889ca283017201d25f194767b7c36aaeeb4a4eebe062d2597fc3e13f1b7e6054b4707ee74178df232

Download Submit
C:\xina14_icon.ico

Filesize
33KB

MD5
398df692cd2ec1bb7920ea5449d965a1

SHA1
d4fb9dc4e31cb5ec3ca4e2dd2223a0d4bc4256ec

SHA256
76fe950ef1408b93f1a13a7197cd3221d8eb6f6660ccf9aaec3bf94f8b9ef703

SHA512
2156c194183d961a06daeca442fe8da4808f2065e8936f4fee10f487784721c0976a69e39a466f1bc1a0c31e082025774a391bbad2138cab638bce4153ca7201

Download Submit
C:\xina15_icon.ico

Filesize
33KB

MD5
b28cdde3e6551f820fbf4d1ae4da6677

SHA1
8e1fbc56e308b24dca374eb5debc9e9bdd5f6135

SHA256
dc1a15e29698e60ac326185e619eb875e869ea3d01746ac0701d11a2716f6b85

SHA512
21bab2e588190151a380d0663f0d8f307c95805af7197bb2adf6019bf28eb3cf57d9e7f621395a7f23ca847811e5a9fd316bc45fa3208c71832966c4127b8cc6

Download Submit
C:\xina16_icon.ico

Filesize
33KB

MD5
66bd198bf0cfca918c45067bdbc354ea

SHA1
04d7bda4cd83a7d1e950a8da7f409eea72033578

SHA256
06f24e06f12ce66cb87a29d7eac67befb737ee1400f11071d4ca83ecb5c78dfc

SHA512
d2d775f19e5cd72671c739d03b6bed554dcc517f93bb83cba7bbe54fc3408cb8d177bb237620894f0cb45117bd902b6e39a7ce3f630f21c8c45b08d2280306c7

Download Submit
C:\xina17_icon.ico

Filesize
33KB

MD5
9225599ab65c613124185b2529989cd5

SHA1
94cf9fdd8808ddc34d8c552a5fd52dd3bd6b4043

SHA256
e64658b6ee5ee61b29cbf79812b1f6cc45367eeb2cbe9da9fa5f1e63979644e8

SHA512
b535e4bf42d1bfe8d0280a694e8663fdfda224b030a80f0ccf0568009e1476cc062c3e88f9e3a3c31b62e5156504570fc17f1466acc234e83cf1f3628ac999b1

Download Submit
C:\xina18_icon.ico

Filesize
33KB

MD5
3807d3a5a2f9fb626c97e048e3b64b1e

SHA1
1b14e6ef507551e72370b03a876e9534b0da3883

SHA256
5d99c8bc9f302d87e86addeebe013c34ca4305f3c9752fd92e979ac6d97aca34

SHA512
fd5ee94044f25dd20495dc3bae17ba89257211be6ca36df224813d7a71afe8270df7e8a74d11655dc6ab1397b5ceab3e56bfeac149a09d3015f10d4b50755164

Download Submit
C:\xina19_icon.ico

Filesize
33KB

MD5
f6ecf41acb43f283021fa952e762b9e4

SHA1
cdd89bee571630d93ceb186ec5dbef3fc28d0019

SHA256
9962141bc3e2a1936bffa25de1e8ad85aa630d4a9770f90e9900534784683be2

SHA512
af637de1c505023a03e2fce65847fbb596a3c7dc6789f636dfc78b185b583e801274fc00f63c12e531a6eefb505a0c2bb29222a133a4f0d08a1eafa3be17acde

Download Submit
C:\xina1_icon.ico

Filesize
33KB

MD5
ea930fd90cdcf6d31a2ec4c1559b41f9

SHA1
498db95c46ed784d6c6b83b6ad30184ceb7f80f0

SHA256
aba2367393eab39caa359b90c62ac0231e7af228070c50496a984be89bba4f3e

SHA512
726bf8c578a9019ac025c2fc021cdf7c111597d182720d62c48be9ea4fb3c8f4da777ff2305695a27d0db61c3af9da48e99ada694eab71df9fec459c50a00656

Download Submit
C:\xina20_icon.ico

Filesize
33KB

MD5
0e027d0c11f6adfa7aaf640ef5cbb83c

SHA1
b9d69ff6f1ea832de0c713fd2011a1d588cc1d6f

SHA256
93bd144b21f021708564d17a127b241b6236ec7922cc772a78bbdfa9b0fd8ee4

SHA512
77c242c76e6f3aaea9df664ccfa280af6c4931adad908a069073d35cbbf521f5650a0135239f6f831049a5d13ebab595169f27eb9f847a952f8a47a18e092d7c

Download Submit
C:\xina21_icon.ico

Filesize
33KB

MD5
0c12f084e52be0801c90d48ebaaa9c4b

SHA1
8954a0a34e1344e0ef0a8920c9935dedd1eb4dec

SHA256
b1b86e511ff375352a46b9b6fc8f3a7a20c55b7516dd1dd9d5af38adb7f527e9

SHA512
01b8f27eb18a77a7be9a1b910b93c16afcfda1e0c371463619dc6562bfc469af34d152282bde6fd4c14fc191c6b7cf1877d8607e257489498ba1c96f68c52e2c

Download Submit
C:\xina22_icon.ico

Filesize
33KB

MD5
adb1b10c27228fd7a59a50a5839ee6bb

SHA1
579e67dca36773986fcebdd955f86cb6d47a7164

SHA256
4e876b157be27295d52d754db4367a05e2bd10550006355fef27542de0603c1d

SHA512
a2efeda33021d205b11cfce73b9897e82571f42596438020786dc58abcb0e42287ac3730f5f57fe92249f5b8fc8cf74f391fab5ba25004ee84b3741be4849499

Download Submit
C:\xina23_icon.ico

Filesize
32KB

MD5
cf293a4f73d67d90b43d6fe2fc707e0d

SHA1
c779c8794392ac1d907170999a15d8a7440e85c0

SHA256
d2767668d76008045bb9ac633f6ae30daba499cdd4c803030b3f4119169220f6

SHA512
cd2dbe59f40101d36bcf9b2da70ed8f03e66e5c57386be68bc929e1fd05ef2b806afae135ec703e960bc159400cb402d409e7745f7b348ff47fb24861267dea2

Download Submit
C:\xina2_icon.ico

Filesize
32KB

MD5
d129b378192f4f70d831fb7034d7992f

SHA1
c782ed401d9a33644568dd3d4c78b49ec3d9a4a0

SHA256
3d41e7d8040bc0c91f371f88dbbd7eee29e7c8408d2de331636096f81cc57b4d

SHA512
b31d3191ad62011d53f77e789333f3669b515172aa30f914ca116af0b8b6949a031b002aa391637fdd7ab9a63a5b0dd5ce37dd691766f3d896ff570dcf23b2a7

Download Submit
C:\xina3_icon.ico

Filesize
32KB

MD5
37cf805ea6e33432e8bcd4e028938faf

SHA1
c0ea05823441d9115a2f079346efff5ad2967930

SHA256
c638d0fedabee0972e593ef24aacb2bc86ddcb6a3357d0ddc2228e76d73051bf

SHA512
091bd6d4e0f5707df74a461657b513cf7c61b94e780b80f8f93fb000b0e29b7f59c08a35964d4dbee005e7bd9d3c9be5a69a2486996e3a9f09a3d3784d424a4f

Download Submit
C:\xina4_icon.ico

Filesize
32KB

MD5
5e3393e772f5aad126c10b86b8b59c62

SHA1
ac70b3a5ce29c2d432263a11a4f157fa53222c23

SHA256
049e8a377ff04c64b0e804d14a96f1469bfdf60c6b38d807d8b1af5b293221ef

SHA512
3903acb567fdfd0abff26dcbd4c7c9ebfe569569b1af78283beedd7c2343baa3e3fe19a2e851e43b7313017624435ce814dc839f79c67d3c7ee528b3c71666a7

Download Submit
C:\xina5_icon.ico

Filesize
32KB

MD5
ef185b61dfa8298a39bd12bc5b5ad56e

SHA1
3401678e4ebf8a78c664994e864a18cde058c20f

SHA256
ff3838388c2ed572a4d2ce6b8b6d77490bc56bab33ccf8c586bac27d2df83b68

SHA512
e7fa3e4f302801e617442764a28b7f7a24a394319903a411f40d6da31d03b7530a8160193010ef868c90f9259d44085d113b73fc09a0e72c5a1f9f990d87e7bf

Download Submit
C:\xina6_icon.ico

Filesize
33KB

MD5
fc5f065a5e8ede646d1595c50f9253f8

SHA1
5c9a10baa223eca0ca3005b760b21f9dfe656e94

SHA256
90a1510f938da7440b9b0d2f82428885684761898d4f76575b1c2fbdfc245d92

SHA512
49a96c244bacdf8b5dde05f3b57c18d2f83a53f3f82bf32f6c8026d890e047f6b11d0d7d9357e8d6f509acbaa5fa37d5aab72c26e58f46c99885f272a747f544

Download Submit
C:\xina7_icon.ico

Filesize
33KB

MD5
cb099d15874bc078218294749eb7b6bd

SHA1
27647365028ef3fe8df37d9341595501c5748b9b

SHA256
2efb6ed0f26f8a561014536a1eb846cd4467d830998f6bf2c89f5dbd4a87f1f3

SHA512
c350bd8959004da8cf76a4d79a25629c4e38ad57e22230a29c339685c076cfc0044cc241dc206016183549ac66da685a3d673938f0af6c69f40c0bb6ee5fbc2e

Download Submit
C:\xina8_icon.ico

Filesize
33KB

MD5
337dc66064bf405d08a2c9c2f8b80ee1

SHA1
34e79eaf97bc9274222df62331ed464b06c26deb

SHA256
0bcb24229a3ca5ab524b3241e79d71d0b190994b77d4c420985e8f89b9557774

SHA512
61616a7d4e29c9a47b8f0f6c3a21e68b51ee2a185a2e0e6d3f7933a932305a246091c9ae757aa4d49601f2631e3cb5c62618a1e2a2932b957b9b279d019db337

Download Submit
C:\xina9_icon.ico

Filesize
34KB

MD5
c7e83c267bc0e3238163b11a968d59d0

SHA1
180d269f95d88ab98c4abfaf5024119ab22f5424

SHA256
939f8ad378a8372438fdea72adb3f56cf4ecf3ab3d517efdbf5588c3a34be3dd

SHA512
054593312a083ae7f86b6aaa18ec206193b08368a8166f09815056ed339d1370ed0f03500fd39ad45bcba7a4a450b819415e695ff0a8cbca6db2a5999f9bb741

Download Submit
C:\xina_icon.ico

Filesize
75KB

MD5
0f111a8457f17592240624b2e80a6c61

SHA1
23b009e988c3a95d9e8ac97e9baf2979dda3211d

SHA256
8d49d92735d094885cbb57a63988e6205b5a477f2a571aff2f1e8d295f3d8e2f

SHA512
4e14e5e9c834723a23d3982fa2c5223eb0ac09403bc5cde638733c2a96dc28f820f76b6614e444b5a2aef3fb9f53c6e8f1fffd265ae7bb0af0c372aa7f548bfe

Download Submit
memory/2248-0-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/2248-145-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/2248-144-0x000007FEF5D13000-0x000007FEF5D14000-memory.dmp

Filesize
4KB

Download
memory/2248-2-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp

Filesize
9.9MB

Download
memory/2248-1-0x00000000009F0000-0x0000000001DB4000-memory.dmp

Filesize
19.8MB

Download