Analysis Overview
SHA256
1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093
Threat Level: Known bad
The file 1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093 was found to be: Known bad.
Malicious Activity Summary
Detects executables packed with ASPack
ASPack v2.12-2.42
Deletes itself
Executes dropped EXE
Checks computer location settings
Enumerates connected drives
Unsigned PE
Enumerates physical storage devices
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-22 19:19
Signatures
Detects executables packed with ASPack
ASPack v2.12-2.42
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 19:19
Reported
2024-06-22 19:22
Platform
win7-20240220-en
Max time kernel
146s
Max time network
148s
Command Line
Signatures
Detects executables packed with ASPack
ASPack v2.12-2.42
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
Enumerates connected drives
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe
"C:\Users\Admin\AppData\Local\Temp\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\gameofmir.bat
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe
C:\Users\Admin\AppData\Local\Temp\GameLogin_Debug.txt
C:\LoginTemp.ini
C:\Users\Admin\Desktop\2015԰潺þÇéÔµ.lnk
C:\gameofmir.bat
C:\\GameLogin_Debug.txt
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 19:19
Reported
2024-06-22 19:22
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
154s
Command Line
Signatures
Detects executables packed with ASPack
ASPack v2.12-2.42
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000000.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000000.exe | N/A |
Executes dropped EXE
Enumerates connected drives
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000000.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000000.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000000.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\AppData\Local\Temp\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000000.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe
"C:\Users\Admin\AppData\Local\Temp\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093000000000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de0930000000000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\gameofmir.bat" "
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000000000.exe
"\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de09300000000000.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\gameofmir.bat
C:\1f3d6acfb52d17a41c9f85f90c864e9ae8120d27dd3c70c72c1adcb29c8de093.exe
C:\LoginTemp.ini
C:\Users\Admin\AppData\Local\Temp\GameLogin_Debug.txt
C:\Users\Admin\Desktop\2015԰潺þÇéÔµ.lnk
C:\gameofmir.bat
\??\PIPE\wkssvc
C:\\GameLogin_Debug.txt