390d7472201e8ea9bdc6c7fa2b4ab1f6faca02071f1f997037cc5f52759a9cb6

Resubmissions

12-11-2021 18:04

211112-wnzb8aahhm 10

19-11-2020 10:08

201119-rhwlt38jrx 10

18-11-2020 17:26

201118-htd4fq29va 10

Analysis

max time kernel
141s
max time network
318s
platform
windows10_x64
resource
win10-en-20211104
submitted
12-11-2021 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecurityTaskManager_Setup.exe
Size

2.9MB
MD5

444439bc44c476297d7f631a152ce638
SHA1

820fcb951d1ac8c2fda1a1ae790f52eb1f8edf2e
SHA256

bc2d5417a6bf47d53c20c280f6e4b1a3e00dc0b6bbd3e26b2e591fd2f2dc4cc3
SHA512

160f4b095d37a9f4c6279a4a19f072e170c5f819d0e8e588b2503711b9e2eaac9567b48a9e42bf15af50ba60e64ef97a64e003230369aec0b032cb2030fdca00

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

setup.exe

pid process

944 setup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
944	setup.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Security Task Manager\LisezMoi.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\manual_en.pdf	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\readme.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\ascode.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_dutch.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_english.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_english.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\sqlite3.dll	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\order.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\Setup.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\LisezMoi.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\TaskMan.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\SpyProtector.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\TaskMan.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\taskman_ru.chm	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\Formulaire.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_portuguese.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\order.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\ordina.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_french.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_japanese.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_polish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\Setup.exe	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_japanese.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\ascode.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_czech.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_danish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_french.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\uninstal.exe	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\psapi_.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\taskman_en.chm	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\taskman_en.chm	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\taskman_fr.chm	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\uninstal.exe	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\Formulaire.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_korean.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_norwegian_bokmaal.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\SpyProDll.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\taskman_de.chm	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\bestell.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\sqlite3.dll	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_russian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\SpyProDll.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\manual_de.pdf	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\file_id.diz	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_italiano.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\liesmich.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_danish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\manual_fr.pdf	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\manual_en.pdf	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SecurityTaskManager_Setup.exe

description	pid	process	target process
PID 4000 wrote to memory of 944	4000	SecurityTaskManager_Setup.exe	setup.exe
PID 4000 wrote to memory of 944	4000	SecurityTaskManager_Setup.exe	setup.exe
PID 4000 wrote to memory of 944	4000	SecurityTaskManager_Setup.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4000

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
".\setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:944

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Formulaire.txt
MD5
ffba8873713b30b189291c9bcc150cfb

SHA1
3aa4582a1f1afbe9ceedde5c2d546b6c92cf9cb4

SHA256
8b093d87c84187d7d74ce4c4711d7d46966a6eb2cb8eba8ebfa2d885d2c046e6

SHA512
2ae87cf05a50d3a0f9b745138f310e4dfe3a7f2b447160c80914071812ce3015a5b1dadd6071d2f23ec83665d46692e73afa7bd17604d75ddc73b642e1922bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\LisezMoi.txt
MD5
0637bcd4fccf8d53c05c4935292d5289

SHA1
015a372ee19956efe7557e7fc45c553e8650c742

SHA256
00201a7697011646e1b8aecbd7ab8ee113eef5d01f7db4d9a3a594fbfe11cec3

SHA512
0f874ace456042f19720065d654a2e8049117cc13580feb3a8f52b40f2fdac5fd52429b61c5c9be51c0062dd4238595bb74bb9afb382505fbaba992a5e73abc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe
MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProDll.dll
MD5
642021c03975d907d65803aae9ec3dee

SHA1
cf8821f7e6dcdcccc817a44b52ecad5a49fab07a

SHA256
0289ff37a7d4b6bd44ac96c714fe58329d4b1fdea53f744ac3a5ae731236f87c

SHA512
fb917a2fff05ca44cce9ddee5ecfd5ac79ba943dbb32027353ac428c48aa0b898f9a83bde80cc6c08ed4fcb490046642912bd50c51fecc33d24bff956094a6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProtector.exe
MD5
fe1390ff004aa8fb73f403d603a93a54

SHA1
11b1f9fc0f90629f015cf614da52846eca572332

SHA256
c9d4cae5805c82490facf0bc7f6766b8de645177566532376041af3c4d1000b5

SHA512
67227c7aeb40453293ff3edc23fb5e84eb89e3b56b4b7bf36117390d6937a1c258186c2f25b7ec3be12fbd76b98c5ef2a5c86ea36cb4581307b873f5b486c5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ascode.dll
MD5
7ebfde51ee8e23d22d69b68f7722cc37

SHA1
e057e91ee1934921f5fbc904c11c8e90ddba4b45

SHA256
ca99564a02ca24d1bf6e52505f517ad3eb014884496e49c5afd94fc11b40054f

SHA512
9eb45dcf4f176d268ed81a3f11c0ef1315067e0898a40b59a8e9ad6c051ba85c76fad81a807ffcb9dca7a69ce67bb8101e1270492090045d96de716ef51ca49a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\bestell.txt
MD5
481325e02bd95664323a5299da4f8bfe

SHA1
6cbf8548b86496c66614446113c378f502c597ec

SHA256
d9b135d7c0b39e38fef169306599f3f8b1a82d701424892969ea8c5d6e790777

SHA512
4f44805b213698f926fa28c88b90876cd9fdc853d5bd22fa6b579587915e66aa630686a53382669b2e10952732672258d359085bd9e1961aeee9124aa631176c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\file_id.diz
MD5
85f533f1e1d0c11be713c91f29bbad54

SHA1
a6ecca28854b2f6afa23f3af1befc5c7d88192ea

SHA256
6fed71e2951b70f3e340a982b3d1a2914768d8c9691e6cff465ded170944ba77

SHA512
f9d930bb295db9b2aa00b8262e29a0ec35f48c33bb277f881dd903c81a782e06c6cf0fa279186cb53749a5b08bd8b1e43fefbbaf38b23f0d0199702e701cd822

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\leggimi.txt
MD5
693ea8d965eee7aafd435c2e89474736

SHA1
d2f789dda9d57abfde4b681efd5e9d718dca2b0e

SHA256
70cfe07b5936838059321ce558058797ea3c4c3619bd53dbe05ae3b633ae8bfe

SHA512
7ee605d73ab9f1821d755c936d75b1a10c6221b6fdac664fd129ee398666404e2af8c513e92e47443da6a42c1bfc3f2eada630f5b820994d107851a06ad58a5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_bulgarian.txt
MD5
89f324a12d6e19b549027d3d7bfb7ae8

SHA1
a12479a93c5a70eaf5c4d606dddddefef05ef26e

SHA256
ab2386fff64d22e64fb1e553286996232980706683245806f185fd2f423fbdb5

SHA512
a0e1707719dd4d998f4e02df7672e75723b7dfc7e4f05f02741f059e6a69cc4444b805b9d7ac40ea53e97cd9ed2d89b0314b2b61105416582d6e9bea9965a8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_czech.txt
MD5
0d76174d68f5fce7e150c972eeacef9c

SHA1
4adc44d638859253e3befa3407fdbde8866a5456

SHA256
d5a4b68cdf201c17b466bc75d29e91b43dca6abda228caf2b6752e09b8a19058

SHA512
2ca4cbc1ef23a0b11bd32cff0824b655285d4c8f5535e7113f915e607361211e20ab28e6f5f1da2a26190141809f233434135c27598b6a7f14d4376cfb916f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_danish.txt
MD5
1325b58debc1e7a46c705a44b4504734

SHA1
d68af1fc501342923a23569bb058a7e1510c93da

SHA256
d740c5e0e760f7c7547b98d8ff67efa8cc2558fd05c1e086f25919fda5e681f6

SHA512
7427b50a0ca11bc74f9182c0ad2952b7a0495d75b53b8bae4fa88ce8b615bb905171fa7883a8ce6c93b778a36e579b8963646b7aeee5a4c2569a0e562f6bb56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_deutsch.txt
MD5
b33fed70df15a44085aa88647d211c81

SHA1
2ff758266c852d72a6c9aa001c4cb7f50ef15a76

SHA256
a097180501190a3efee4f776485a072a8ba3ec77ae3052932d602b4dfc767738

SHA512
f03330183172e48174c8603dd4ab371b03650ddc9c96941c1cfd9e5b394a60f98a6046d41916992bb8ce42400cb91d7976e4aa2822ee69f950d3e9c7e382d966

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_dutch.txt
MD5
b930f96bb386f7e289310c3f5063178a

SHA1
955a30d309d0dd17d289b918a611bdd9de43cc5d

SHA256
f49bf79f10c2af50e0a584d8f619551b21fe14683f2908ec552fb8364ddbc28a

SHA512
d4a47caf59956e67eaef294ce3e8732365eaf7623d2933b11d7758f80a4b92637dcdbe95ea1a1674f1b69a0b2ee3f97ba529c623c9e7ac9ca585464c0cc0c7aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_english.txt
MD5
34c121268b1c3fce53172b3933b075a3

SHA1
c44fa37db476886859aaef75878dd7806a7ab518

SHA256
f974ea70d717e59d27fa566eeae52831537207ad4bb6308ed93e387f5fced2c4

SHA512
6f2aed20f2ea8bc028f923918a4f2b5af131584af94f51536cdd6ba59ba389a8ad52c586226911d67af9d17b53151d677fe190ec0df4f16d5ace189ca3e503eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_finnish.txt
MD5
7d873c6c96a6725c7b0cb5dfb1a09e87

SHA1
dae7dd06dd465fc4f98d14d027025eef10c5bf77

SHA256
05dbe3b460b51194c276b9fa2b41292ec52e5e408fa005950f027cf11fb2bc26

SHA512
f5f98f46ae0cfb379f7de9258d12287c2f580181ef713af8a9a0b3f81cbc9cab1c9295e18244989bc875dd177f5f6727431cd0dc8b61dade61acdff09677e398

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_french.txt
MD5
3184a1d71306f0b0b2f73169520c1029

SHA1
59d84aa3bd19d6f2aad47450bb7c28da97057e11

SHA256
1dd3e5d60c64b21c265f4635473f9dfde10d1818f7a6ecb3693089c9e225d390

SHA512
bf7813a1410ff8e6a2fca41229147c121a85dab9dceed79a03e5e174eff98fe02c9e031c40c85e27c6af8a55de976983078d641da51a323c6ead8f3e7362719a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_hungarian.txt
MD5
a54d196a3a36ba5224d4c409489fda77

SHA1
95f6502f4f827f2b70c4aba2ceb8c9a6af9e439c

SHA256
a92d6b1995801bb2e13b8362bacdf2aeaa4efc5abe7a292c1446f60aae553158

SHA512
b774d369c66192ff1ec4cde1f5b11c8e2ef4d856d65bcb0abdee855a7fb41af6a9eebc88934722e13f09ed2d9679986c2556b26d28258778bbd2fbc04e8667ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_italiano.txt
MD5
6fa6baead051fa1ea55a9d617d74843e

SHA1
63adad9e223d3611243478c813906dea3de80115

SHA256
dfcd1e48dcaab1ca041c937a81774ef753cd0e9e3b0eddcc0b4c084585b0ef4f

SHA512
70ed25b4258ade5eda92c6bf3427217cb9dd78b7e843586198de24fcb1ee31a3b0d10613a3d18b06ebc7e2867a5111af5fb7cb7674fd55149767f038f3f771ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_japanese.txt
MD5
0e62e49c4a1868113e00e266d39c47a5

SHA1
2be41ae1857c30caf6e1124b51652ffc35779034

SHA256
1f6e19ca7500dd3193bdb2d384fe1feed96c1b1dbd9e58c4a27c71b90cb10cfe

SHA512
5a8ac80e582545b6d193db5b5e2013aa7ddc7f6e830f5cb497a4a2c1ec31c6dac382157cc0b0f0b8cf17e7247dbb9a094198131fe66e4f58c1c71a5749d2702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_korean.txt
MD5
992c0dde82beac0c0eb86b137744c196

SHA1
8ee1cfccac49a5b9df6d8f3572ecfcbe592676cf

SHA256
312980aa8444655137044d3323ed0f5f3d6d2d4d503512e029ffa4429d92fa6e

SHA512
074caed4ef7044c032960e3aa4240338356323fb3f880588bf35775dca462acfaf792a14d11113f7e814c19d7e947fed15ddec5f764d3b9a896c36a941192541

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_norwegian_bokmaal.txt
MD5
179fe4667bfe1d977d687493f59d7adb

SHA1
b3d900debc52ff3e77fb426636968c1f1feb2800

SHA256
3e7fe5d3b0095143d86173fd99775d8d0065eaafcf9dd683692062e026879922

SHA512
358d51d4f07207ec3017386458d3073e657636505c09cbe1b7e31b3cb778926a9a4a517ecb140e661d3b30586f12e94a5a659cd4cf9ac1332030ddfa3f511c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_polish.txt
MD5
ce3dcf85fa453f3d735005340ef90ae0

SHA1
2c33a89e2d7853d8b1dc40287485f172476129e3

SHA256
f1f0bfd7676420d8668d0676ecce039b84b023dd12ecdcc19ac4b01b1bb9de61

SHA512
db7f772511c79e159ef842bc1effe8ede244bdb0757446e97ddd39761c3540a05a2475f11fe90da2b8a9bf0c532cabecb27051a4bbe459387961294fbbb86bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese (Brasil).txt
MD5
07d5c6cf24d90859e1bbdec962662ac3

SHA1
2f4f9b6e3f1bdb3de3a44ad98427fc55738d4a8f

SHA256
485de5cc9654510903431e32cf7e7b9afaeb0a575bffca7af5f652429654f0b4

SHA512
689bd4b50a107cb2035dc8d9757d44d53b8c97a4a6979bb3cc2181cd416f6a5fab0293889c3dcde8887414590ff17df627da504d1936e3883300da411ab6ec90

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese.txt
MD5
57dd15b63e5116d4192756eac357fc77

SHA1
2e4cbdf15c9b2da2658b6e2df1d7faa26d5563cb

SHA256
3692ca1b6e64991835da21e50cd91f2c20395a0a2290655284ec477ed5e241c4

SHA512
316c68da136d6b23d40742e5da545acba87e0c9729663afb43f4a12d40505f8f51657de2ee22c7449d1fa072a9505d16759914e019f47d2b64d4f7fdbd120a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_russian.txt
MD5
27775d53a8f8bdd46d2cd07808540fa5

SHA1
f9c905347ac04e465583f5b57c0248d3bc052783

SHA256
1c0888d6a709c536a3f8f29cea3477c8bd1d91bc7beb68e6854c7228c52555dc

SHA512
96e9734ee5c383045f9779348c2977e87c6db249bd51e75667a46d34e105fbb9e99ab68df1ff9aaf092858f751f03996ec6c27b2b35fee7addc300d9642b3306

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_spanish.txt
MD5
1db8fa700e36994c13075acac2b3d1cb

SHA1
049a77576da0bed590109cc15129686d72e12399

SHA256
00fd546aab44ac4cf4cfd822b249ef7ecfa0a4b8afdd6438ecbfd9705c7ec746

SHA512
24a7ed6098c629bd210e0934c13656d6ece22f4da68296ead9a0883ab395afb90c3f37596b8f0007f4ebffef8688a7b1686c1618182a7299ed17da31636d09fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_swedish.txt
MD5
37f4289c2977a484189b9ff44a590b8f

SHA1
8165528ec43e0131d139e6696ed3317bd283d2d0

SHA256
ef67f369daf2eaa2878330c076654d4dec001d9e365e35888e82fb10cae2153d

SHA512
5684e6d543fffef1e08bb5645c3c4d2e1ae37a03243e9df1c44daf1f40f2514fdff8c7cf702d9c7e78f6dad0a7d93e4ded95ea58442125c85b87621d3839d12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_turkish.txt
MD5
ce97c5cc7ffaa5d6b18d313d4b8eae81

SHA1
1795b8763718fb31d1e0396567232d9891e49d81

SHA256
89ce1dbd43e5d377013f2228de688787350c8f11d908ecbc0ded355c7bc63663

SHA512
9efbfa39beb9e032121c57a3d8f713a387dfb7feda44bea4bdad8a80a2626644da324c01315475445974883aaedc0432ca53920f154427151b9b650d0ebbbc66

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_ukrainian.txt
MD5
df09a44cde9e14378fe3ddd47a8ca3fe

SHA1
39d880fd38980a5dde18c1fb94707711a07878fb

SHA256
59d771c4d45af27f793c38ee78a2a5c5667f877d7f65313cbad93bd8ec3b1fce

SHA512
5a3cf5f280d29496371e4ee8a21966bfd6aaaa208eddf4112d67198ff639798e68338b07ae5b8aeb498c7a3875ce2f42a8f037bf5359ab707d0a6e796510a33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\liesmich.txt
MD5
c002d98fc4f20fd865c5e9a827846227

SHA1
a491a97fd919aa259733877357ae41907ea1e89f

SHA256
d8a27606908582e5de18916e04937caf26c1f3f0803ca4d1a5841a4cd541f10e

SHA512
b627c34087a6a2d7b1a88229dd4dd763c26f3bdb346318e376c1af0036fa256e18be3ddb6d6736d194f2db3f8d88a9ee4266ae85fd00d1ebd21acb35fcf69ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_de.pdf
MD5
17bbdf9fc220e9effacaa5a76cf4b688

SHA1
05982d1a90ac2c19ab7dd71fbbb841fe48485eb3

SHA256
af89a8b1030faf760c16b66524f8a04188e49669faa6f8123e2a4bf0abaa75bc

SHA512
b77461c2785e68307304da7d7c4307d5c13a6df04d3fe89ed95fd50fd3aaf2417dc384ff806b1824089535da05b2ecf2fb8c67a7521430b4c6f1248a70f90f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_en.pdf
MD5
f8dc026ac75362e1e5e41469cddae40c

SHA1
d465fa14ff76602cfaeb3b93bde5bd6fef2b980b

SHA256
d97aad84fc29c2b71ff9d07c645bb1b3db779412f5673f5bd37b55520710cbce

SHA512
08d823c00262f16413cbe461d2bd527c9dadcd1c015ba2466a53146207b1285e8030c584e16cbd7c5d16602783dcf655125127ac53e4804604ee8f2954b277fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_fr.pdf
MD5
2e520e5df20196599be3d391cd2cabbc

SHA1
615cbb1e5d7c2f74cc96e23baaef0e3f64a47744

SHA256
1793d22416e19c15f686c7319146906a41d51bec84488cd4012dfbb3e1d662b0

SHA512
8830444e2acc126939b200ca69b84e9bc9384cf514ecfb6b68d56a3074ececcc344787b00d628e69bf3ef1a93bdf0ad0c2975dea0adf3cc703033ac6c7b318f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\order.txt
MD5
7804e6beed4c16899a2906e78b9a48ac

SHA1
a606e6b2a31511dec5c55a2c173279b001b4b142

SHA256
b219cf498e86556833c2a45d508edfa39065609b0fe02711c8bda925f2330b17

SHA512
4fb6ffad5abb0146de87a9075ecc4def79dd0a899fa4626af70c7fea3fd9b7500465986a3908f34d9e91369c3c92dabd107dbe33b9499a329c826464c313d55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ordina.txt
MD5
f46581e592ad7eefe7068564c1563925

SHA1
04795106725bb6abd226deb305abb49ac9035e64

SHA256
94382fd3bd986b7897b6fbc1a1730adeef8bed24efc29f1a00a3619ed9689878

SHA512
c73f2f287b6bb422fad75eea95990a23deafd80201f2f3f42fe7d0447c28148d10cc90ca5913b3cb8130bab862f36aabb289ebdaa7473b7b877a91deb84c3463

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\psapi_.dll
MD5
f20905d2432a3f160e5f122bc11a6454

SHA1
60d38e62ede037de0ab90bcfee2ce99bf9bc2721

SHA256
45249a3b05447a0d12ef91332e2566552dd78f1fe1eea13c5d4195bee346e220

SHA512
43b9b1160e6607b3acd090c0cbc496c8db901723cd39bebcb41d7203647ff32c3a54e5dbe8f2be337e82da8a25631893283e9f28ef8d1c1cbcf6736a81996688

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\readme.txt
MD5
467d46b80fee8540ef1013c05f9e9c61

SHA1
26063f62049b7cd2961e2d5c01ab420d80e3b5eb

SHA256
9e5c9fd3c3e7bee41ea0e4405fee75e6b614d14bcf2b07365150b11e65b54191

SHA512
b977c0b8184118153b3c3a4e15b81956e0c285c468c3f19d2717809bf68a74e3e2d0ca5794f37904275f90cdc0d8e71c0e0f33774fa5d22b2f12a904797fd200

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\sqlite3.dll
MD5
b6f45fbf727f8d872d5dc6fdd6393802

SHA1
558100cb8b451efc205fbd2cde0a8f88bd3c8da5

SHA256
07b9f5c9858f3477f3bb6a11c8283c3a34aa7085f578aec95de37053430de83f

SHA512
d480cb82930551050eacc5b30590b5d1d8dc717baee1936b5576bf330a311f1f1991d5826c2ecbc9b0cb79dcd762ca3221dbdd55025ba858c015cf6e9d8350fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman.exe
MD5
3733003588acfbc9ff5df9765c80d405

SHA1
b52befaf06a525407de46499706ffda1df024263

SHA256
0c87006a32e187cb1fef06dc9f19b547c78909e88ab59cc89d7b53aebbae9b4a

SHA512
b6c94eabecb85a507395c4a6c3717471bf2486d5b4dba8d946c0ae960af673455e9ff338f5c6bc33bb55b363c2d6a51fb0660d0aa0d99c6914ffb514f38be32b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_de.chm
MD5
2137aaec5e738be123c4299a9968b0fd

SHA1
3ca050c0aeef2151345bc7b3987d025497580a04

SHA256
ecd1cae3351e256b6cf573dd225bbf07d16f1573db405c7e480d42968f7dc112

SHA512
9510dfc86097dac5959bf91c8ef1d28dd4ed3da78d7d86e18074e2f1c8d7a3c0b126531159eb3e533fb8d27223a3b524407727691d4a0346d579bd2f43eb1cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_en.chm
MD5
ed18c518441bf68870112b570e194dea

SHA1
4d31c97d4917e8ea1d0a3361d15556e5be3f145c

SHA256
d931e949fdf17712d1df0e685fb12aabb56133cab84d7e2c6650208130b98316

SHA512
5db06e0b6c1503cf23ce13e0c1072277795307b65f4ebd3a8c6710b7c6785ab2ef467f10ee409c42c3cc27ff9c1bc64f3818c7aa654efed6f8b3ad672f59fa0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_fr.chm
MD5
c811f6be9a3813dbc6baeff19d583924

SHA1
b7e3eb48c401cd8bd65288b5ae31726aff6aadcd

SHA256
d04cd33d43000e280d2733f1bddf40b9e6cb9a1130fdd69691868f8c7e96da8a

SHA512
26a8c184d72ae27b8a8accd8c175630cd64ca9bac82e8ea2006e1f89edeca4b44d0ec5ff10afe24f9fa4ee40486cdba2787695e0b102796e73432ec9ee47994d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_ru.chm
MD5
ec03fb4196db58f7dbd23f663ceba54a

SHA1
39dbd6f756d5d831c7b586078cc793c6d292ed25

SHA256
14435e49783fb2758b1ef0b4279478759681dbcad77aa9064cdb13359caaacad

SHA512
02b4389db0df3a7511ba1a6d1e9642895b061674a96d739816a747283530bbf017486bc6d4a957e3bb936df1de380c854093f87fa411110e7f6567db68dbe6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\uninstal.exe
MD5
fa9f0f001eeab09b8fadab100ad60d7e

SHA1
56ff1fbcce49dca4050365934ab7242813bd75be

SHA256
709c6c2fb71f06ad8daae77e7af11b3cec059f25793d098d2254572a788ee120

SHA512
7ee2d7c1c4732411fc56236b3457552851f92f0e7e0a358f780fa3e5c505d772906df9e6d9be346029c05bc56615b9a99c179dd023a32b7fae9058f857dc19a9

Download Submit
memory/944-118-0x0000000000000000-mapping.dmp

Download