Overview

overview

10

Static

static

10

8ab7965415...ee.exe

windows7-x64

10

8ab7965415...ee.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    957s
  • max time network
    960s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-09-2022 17:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ab79654152668be2c10be9cb17d941685e7733628dd7d38d6979516a75682ee.exe

  • Size

    218KB

  • MD5

    b8845a76e3942ff4d20ba4660ae926bb

  • SHA1

    eb90f945087c270a2ecc11753180ba4ecc270696

  • SHA256

    8ab79654152668be2c10be9cb17d941685e7733628dd7d38d6979516a75682ee

  • SHA512

    9e2eda3dfe3bbdf149707eefe67d889fc88e0aa45ae23023367a8914b8feabd1badb043dfb5f8301541d4489d31b79164380a5ac8031662156c639008c26c4fc

  • SSDEEP

    6144:aC61i972rJmciP98f2H64DQFu/U3buRKlemZ9DnGAe/Ix3Sd7+:aK972I/Gf2a4DQFu/U3buRKlemZ9DnG9

Score
10/10
zeppelinpersistenceransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_RECOVER_DATA.hta

Ransom Note
🔒 YOUR FILES HAVE BEEN ENCRYPTED 🔒 Your ID to decrypt: Contact us: | Unfortunately for you, due to a serious vulnerability in IT security, you are vulnerable to attacks! To decrypt files, you need to get a private key. The only copy of the secret key that can be used to decrypt files is on a private server. The server will destroy the key within after the encryption is completed. To save the key for a longer period, you can contact us and provide your ID! In addition, we collect strictly confidential/personal data. This data is also stored on a private server. Your data will be deleted only after payment! If you decide not to pay, we will publish your data to everyone or resellers. So you can expect your data to become publicly available in the near future! It's just a business and we only care about making a profit! The only way to get your files back is to contact us for further instructions! To establish a trust relationship, you can send 1 file for test decryption (no more than 5 MB) ⇓ ⇓ ⇓ ⇓ ⇓ ⇓ ⇓ ⇓ Do not waste your time searching for other decryption methods - THERE ARE NONE, you will pay more for your time! Every day the price of decryption increases! Do not rename encrypted files. Do not use third-party programs to decrypt files - they can only do harm! After payment, you get a decoder (.exe), you only need to run it, and it will do everything by itself. I only accept Bitcoins! You can learn how to buy them on the Internet.

Signatures

  • Detects Zeppelin payload 3 IoCs
  • Zeppelin Ransomware

    Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.

    ransomwarezeppelin
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Modifies extensions of user files 3 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ab79654152668be2c10be9cb17d941685e7733628dd7d38d6979516a75682ee.exe
    "C:\Users\Admin\AppData\Local\Temp\8ab79654152668be2c10be9cb17d941685e7733628dd7d38d6979516a75682ee.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe" -start
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4252
        • C:\Windows\SysWOW64\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1936
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
        3⤵
          PID:4476
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
          3⤵
            PID:1084
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
            3⤵
              PID:4584
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
              3⤵
                PID:4764
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:4768
                • C:\Windows\SysWOW64\Wbem\WMIC.exe
                  wmic shadowcopy delete
                  4⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1980
              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe
                "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe" -agent 0
                3⤵
                • Executes dropped EXE
                • Modifies extensions of user files
                • Drops file in Program Files directory
                • Drops file in Windows directory
                PID:4808
              • C:\Windows\SysWOW64\notepad.exe
                notepad.exe
                3⤵
                  PID:3744
              • C:\Windows\SysWOW64\notepad.exe
                notepad.exe
                2⤵
                  PID:2648
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                  PID:1692
                • C:\Windows\SysWOW64\mshta.exe
                  "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\HOW_TO_RECOVER_DATA.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                  1⤵
                  • Suspicious use of SetWindowsHookEx
                  PID:3852

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\~temp001.bat
                  Filesize

                  521B

                  MD5

                  8a55e9dcda6d9b5b2a7c0ecaccf13068

                  SHA1

                  4804d35c80a15f7d63c3a143aa26778391537e2b

                  SHA256

                  db6cd89149e838122410fd50253ce2460444dea299d5c49b1a2f97b561b0d749

                  SHA512

                  c849477241bc950994dd85387f51be5e050604c7d46f10c4b9fb3bc7e308d658a08a7f3aa0b691eefb5fac2baaf7a5dd799bb159758b600e4f8d332329b44e9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe
                  Filesize

                  218KB

                  MD5

                  b8845a76e3942ff4d20ba4660ae926bb

                  SHA1

                  eb90f945087c270a2ecc11753180ba4ecc270696

                  SHA256

                  8ab79654152668be2c10be9cb17d941685e7733628dd7d38d6979516a75682ee

                  SHA512

                  9e2eda3dfe3bbdf149707eefe67d889fc88e0aa45ae23023367a8914b8feabd1badb043dfb5f8301541d4489d31b79164380a5ac8031662156c639008c26c4fc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe
                  Filesize

                  218KB

                  MD5

                  b8845a76e3942ff4d20ba4660ae926bb

                  SHA1

                  eb90f945087c270a2ecc11753180ba4ecc270696

                  SHA256

                  8ab79654152668be2c10be9cb17d941685e7733628dd7d38d6979516a75682ee

                  SHA512

                  9e2eda3dfe3bbdf149707eefe67d889fc88e0aa45ae23023367a8914b8feabd1badb043dfb5f8301541d4489d31b79164380a5ac8031662156c639008c26c4fc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\TrustedInstaller.exe
                  Filesize

                  218KB

                  MD5

                  b8845a76e3942ff4d20ba4660ae926bb

                  SHA1

                  eb90f945087c270a2ecc11753180ba4ecc270696

                  SHA256

                  8ab79654152668be2c10be9cb17d941685e7733628dd7d38d6979516a75682ee

                  SHA512

                  9e2eda3dfe3bbdf149707eefe67d889fc88e0aa45ae23023367a8914b8feabd1badb043dfb5f8301541d4489d31b79164380a5ac8031662156c639008c26c4fc

                  Download Submit

                • C:\Users\Admin\Desktop\ApproveHide.tif.ORCA.1CF-C91-40B
                  Filesize

                  649KB

                  MD5

                  27b0ba079cbaa169b438fcee0d32cfdf

                  SHA1

                  75e10e5b876d2d2002e8eb035571926ecfd2a774

                  SHA256

                  f53cec3601f23c925d7f4d7c389afb3ac9735266e7c1a8ec7d6401dbdce47c07

                  SHA512

                  a123879b81efccece2cd485e0521b91fe0d0a6432575f78a3e1d2f65987438ffd0d0161d2c5fa07b2f23bc72629c255b2cc6762930f98f74ae87e638e5f85ae4

                  Download Submit

                • C:\Users\Admin\Desktop\BackupMeasure.asx.ORCA.1CF-C91-40B
                  Filesize

                  496KB

                  MD5

                  60a0d0c7d941bb0d96103e6843283fd2

                  SHA1

                  9545223ae525e59957c63422bfba74d09d222ea5

                  SHA256

                  bdce057f2a2df92f62e753882bd118da0b0af688fdc8ce6c31ec130b8a0a36fa

                  SHA512

                  3a1d0cd782abd285471cc720347606a30c89e74dc393279e759cea5ca8a56cd4fd04018bd008ccb992635cc09e99456bdcda059fb7f4399ff29166f69e005ce1

                  Download Submit

                • C:\Users\Admin\Desktop\CompressUpdate.001.ORCA.1CF-C91-40B
                  Filesize

                  991KB

                  MD5

                  d6b5ea208f74d2ed75d41e522ada0778

                  SHA1

                  d5123aec2f081692157d17a47d9a562559509e63

                  SHA256

                  5dc5046832c3c7b4d6802e8ad80cde23f85713f5d7e496a099f4c1671f7ac135

                  SHA512

                  fda510668ea7e22c5c32ca9c7526c97b301797c6c1bcff71ad24ab7d44cb6237316ce53e4fb387a011a876a0ad3603ee44109cc652009451e4bbcaa236c5fa4c

                  Download Submit

                • C:\Users\Admin\Desktop\ConvertUnregister.ppt.ORCA.1CF-C91-40B
                  Filesize

                  801KB

                  MD5

                  3c594068018d16117a6f19134165fb57

                  SHA1

                  cca5c9edf23411837a557e6286b1f6f3a1779c6a

                  SHA256

                  ed55b5b1f9b9a6e44971c23dadddc9494d29642cff9f9a150cfb14639f9b31b4

                  SHA512

                  a87cad5494fe17c8f82df0d7b88f80cb95405425b1054ebcb67bf715c7fc0e86c50bf1268f6a4d2dc45a16845b0f24a75e51e9596deb19dd2d044db2caf21342

                  Download Submit

                • C:\Users\Admin\Desktop\CopyWatch.TS.ORCA.1CF-C91-40B
                  Filesize

                  763KB

                  MD5

                  ac6ff4933ef95675ca613abdef7a775d

                  SHA1

                  df459534ef224d6f93e830c90aa43e03593dadee

                  SHA256

                  aaea900ebf51fcf8ba6d2362d63524220c681fedb682e3d6688d462f9dfcd12b

                  SHA512

                  7d9c58d0bcd46a96975daae14e12805f20cc0c9d046720c59c5b1fb9845bbf992c862edf0d6057fb0257c333ab307a1f1938974a070b733eea173fa52978c3ed

                  Download Submit

                • C:\Users\Admin\Desktop\DisableExpand.3g2.ORCA.1CF-C91-40B
                  Filesize

                  458KB

                  MD5

                  f7232fb1bcaaf88cbd1b1f72a2b3180e

                  SHA1

                  eae8e6f95238ae0dac1ff6cafc89abd602ada41f

                  SHA256

                  11199040c9adf84b904cb39a7ede187e3584369c6a165e69172d4ba42a204472

                  SHA512

                  600f4bcafa7d0d313d9dd28a1820c4290d53ec2c596c0d1f11b53613be3aa7d8058171dc391e16957893d86ba53f9648586a010b389693bab5aedcd44090d51d

                  Download Submit

                • C:\Users\Admin\Desktop\DismountInstall.ini.ORCA.1CF-C91-40B
                  Filesize

                  915KB

                  MD5

                  0d6f54bc272a69df1ea9561dd2ca6df1

                  SHA1

                  3a0a762ff0abaf79e281542720834fcd85037b41

                  SHA256

                  f86f0cb0d1ed6769687efe92c406eb089a9bebfaa8bad38bb9c7a223712db8cb

                  SHA512

                  698096457746bfd01f2826c1d255dbd6890c6abb95af4ce02354edb630626c504277dda988f0b815725574915b497ddae14cdfb9d946f6302777e7d5739bd786

                  Download Submit

                • C:\Users\Admin\Desktop\EnterRequest.MTS.ORCA.1CF-C91-40B
                  Filesize

                  839KB

                  MD5

                  d0acdfbce55eef2b2419fdcb0d0a2950

                  SHA1

                  70d96d6fc3ab057cb203bc483f58adc61652538b

                  SHA256

                  a25cb5b01e73f73c007e5585db19b239d444a3c53d6f462abb7857d6499c614f

                  SHA512

                  43431c13481da74361d0a466c9efce1a4e38729c5fc9bfeb64fab7d8c0b6f6026843745019dd4dfdcd871e58e6aa8fbeb925e25fa9d85b47321dcf47915d8f41

                  Download Submit

                • C:\Users\Admin\Desktop\ExpandSave.mpeg.ORCA.1CF-C91-40B
                  Filesize

                  1.1MB

                  MD5

                  364e12e0496bedc3eda218a897b8042a

                  SHA1

                  c7b3eef4e7005136ba38ec5377367a733d0cb32e

                  SHA256

                  8baedbf144ec19f94c400142b93b7dee3b614a3bcb42daadc1bf7855db76d56d

                  SHA512

                  3962918babc1545753ea0b48f1681aeb9ef5e3a02d6e6f833321d502bd62afd11888ecc051ae2a2ea9d52fa3be1e4d398068777e1c06715855252d2ba3df825e

                  Download Submit

                • C:\Users\Admin\Desktop\HOW_TO_RECOVER_DATA.hta
                  Filesize

                  2KB

                  MD5

                  029dacc232d605c6eff9bc27221ffde8

                  SHA1

                  25bd20280bf1ce33481d917a56b7c1d150b5d14c

                  SHA256

                  1af89026f6dd96390830f5bb05e87755f4a6896a4aee1800402b45540f67b6a4

                  SHA512

                  54e672312d4593fc34fe9175630672c4eac1edecdfc3d26f2940848ae687082722467ec6e75fa6dfd7630c4de16cccd2479c26a138d26fcb9027f29921b60140

                  Download Submit

                • C:\Users\Admin\Desktop\MergeReceive.rm.ORCA.1CF-C91-40B
                  Filesize

                  1.0MB

                  MD5

                  77eb2499633f92d4cc69e18dd48d1ed0

                  SHA1

                  6c59a152f8685ad6b561cd89f4788539dfd3a37e

                  SHA256

                  66d83fba2c04abb64fe6037c5d44b260c41fc1bee240c529564035b49476396d

                  SHA512

                  c57039fb91e6323fe88260943f7d11ad01d479d193e12b862328c1d778ce3f6ca203874e2d6c5dc8e59080353b096bec39a0f48a179b623e4a5e4bea2c3904d7

                  Download Submit

                • C:\Users\Admin\Desktop\OptimizeBlock.vbe.ORCA.1CF-C91-40B
                  Filesize

                  1.0MB

                  MD5

                  878130c4b6e4b298e3212835016dc190

                  SHA1

                  29b58c03749c6f93c54c99a22e7f689447b1054c

                  SHA256

                  5e110663bdce48070da6c686379cfb130d680b71c450b3c94ee519ceb4f87174

                  SHA512

                  9601384d3f9386593f83e4fe567b5db5986d1566b8a079690999166b9a8e28e7052b03ff4722fc3e7f9f6d86591e53b31f3a53f3d659d414284aa221e3a7d09f

                  Download Submit

                • C:\Users\Admin\Desktop\PopTrace.mpe.ORCA.1CF-C91-40B
                  Filesize

                  610KB

                  MD5

                  027bc67a4800375cd24d00c778712784

                  SHA1

                  ee15d4454b637f393dcfaa6d34c4d8524fffa3e4

                  SHA256

                  d4776f67b71fc6c8c9a8f595a63aa002ef6a340bf4cf3960f267828d9a462d76

                  SHA512

                  b63fe296f75c031591af12857df573cd1cebbbb3ea9e651a2b06a5f4da7d160479bdc8f3be6590c106b3afa3bfa76d165ac82870a449a5115cb9ee523dbeed37

                  Download Submit

                • C:\Users\Admin\Desktop\PushSearch.ex_.ORCA.1CF-C91-40B
                  Filesize

                  534KB

                  MD5

                  a7364f0fcba5351c3386ea797dd3549b

                  SHA1

                  dde57b540b13c033de6c6be84087b956a7bec31b

                  SHA256

                  17c60ecbc005b37459e9e601bb01d9cfa3ba97b7dd7e2dda98c6bac9428d297d

                  SHA512

                  81d06ae5b0679dd6e25163a2d4a369c0205e53f7fc63c002bb176526aec77122d34cb1ef2572ca8bd25d754526b061f27be046f291092c4b384b006fbb506ffd

                  Download Submit

                • C:\Users\Admin\Desktop\ResolveBlock.shtml.ORCA.1CF-C91-40B
                  Filesize

                  1.6MB

                  MD5

                  1727f478acfeb3783835008bb33df653

                  SHA1

                  4dd8dacc3f73bff248f6b88fbaa12344eb1db5bc

                  SHA256

                  ab1f31170630072a2a10a75ba4fbe46fe8fe432384c6a06e0843ab848748ccba

                  SHA512

                  d150bea5be300f2baa950d9814e8306d7939c23461c67d3804d79bb68ea61da1a2fe1667f6290b57babd281c6bb68fdbb196d4ab848ddf8dbe93d8d874c6676f

                  Download Submit

                • C:\Users\Admin\Desktop\ResolveUnpublish.xhtml.ORCA.1CF-C91-40B
                  Filesize

                  725KB

                  MD5

                  dc6b83542e152cfb3d438fe4044a3434

                  SHA1

                  1b0f46c80634e00ccc2d99760c8f3f8f8cc8a743

                  SHA256

                  54b9cb8ba3e448dcdbd317a8df885f64718edbc7392c4ac8e8e20c95464f01a9

                  SHA512

                  148d5ca8ac5617d9004761a478ecffa5bbeddb4277c769435b507c28b51973596816f483f94ba0eff2d548fbb607bef794cba3e30b0fa26d372f311e25480852

                  Download Submit

                • C:\Users\Admin\Desktop\SaveResolve.ini.ORCA.1CF-C91-40B
                  Filesize

                  877KB

                  MD5

                  5450122d9fdb4ce7a12694137944d3b0

                  SHA1

                  35d0b2e463b89fbebadb8fc199efc9f1b1428fef

                  SHA256

                  fd19dfcd7b1678605dc2324d4486666a69a9b447e36d23ca819be13ab96f592d

                  SHA512

                  57e82471937fcc0c1f4c90b8182b9f774891e171c7b767142cd3354f22124d7c50b3937eec915c5d48bc559cd4e8fd00a26f832e67d8e873d8fcd8add7f9506a

                  Download Submit

                • C:\Users\Admin\Desktop\SendFormat.rtf.ORCA.1CF-C91-40B
                  Filesize

                  1.1MB

                  MD5

                  ae8a6965f24d4916dcd6cbb26928374e

                  SHA1

                  f3a8e911f415a480adbfa3e06b3fe0c53e4ec91e

                  SHA256

                  98b42750fac19e5ccba290b959b6c85f4f6e774f5cf71bd16a36ded67421b9d0

                  SHA512

                  94184294dd91aef38e62b3f70dc54fd6d7bace1dfea31944ae84ba2169c6f162fdf802180a33e417e4203ab26ef01e18088101e501dc5210e4b840dbc42f813c

                  Download Submit

                • C:\Users\Admin\Desktop\StartUninstall.mpg.ORCA.1CF-C91-40B
                  Filesize

                  572KB

                  MD5

                  3e203422e4765e0935945776b7d3e646

                  SHA1

                  576aad45b9a77f1628999d37423fa17a4fff936b

                  SHA256

                  41f3f96e13ded89659522e222a855dc1152413eef57c7d41b6332b3f51d15ffb

                  SHA512

                  61d0e2d177ef27c92d7c6ac27daa85b8ae50521113be4d2c7231d3dc2861f05a767bbbff6ab5f9709ef29239513e357f0d58d10640dc8aaa89ea9770ac59fa26

                  Download Submit

                • C:\Users\Admin\Desktop\StopConvertFrom.mpeg3.ORCA.1CF-C91-40B
                  Filesize

                  953KB

                  MD5

                  01457d7031bed0ade030c82b87a58359

                  SHA1

                  0bb6155f92767f6914ad8308378864bd52c25afe

                  SHA256

                  48ac17c920a3f63418d7ed571be188ad88d521962987ecf35a479fc024e21098

                  SHA512

                  8a6ab3ad08b57e71bd25b0ccc8dfe75c705058baf4e033b47b8a8df469b1ff92b636f436dab79be125bd404d86c37424778fe31f4d4dc850d5cf1ce5c8353f4b

                  Download Submit

                • C:\Users\Admin\Desktop\SuspendCheckpoint.eprtx.ORCA.1CF-C91-40B
                  Filesize

                  420KB

                  MD5

                  b1772e28cfb9203315f0d6aec6408e3f

                  SHA1

                  b431f086a1cceabf2858f30530744cac19b9730d

                  SHA256

                  a428da1112d070afb987e2db724f1ed6e669ab43681f48de8bf5e2987a1f3e31

                  SHA512

                  434ba77dd0a520835d54c649759351f48c090eeaef0dd0c65e3331b0d211228146a1d54eff3da8f2156fe57bbb18dd2705022481c1accb08ab8ce4eb9b44585f

                  Download Submit

                • C:\Users\Admin\Desktop\UninstallBlock.vsd.ORCA.1CF-C91-40B
                  Filesize

                  1.2MB

                  MD5

                  94aaf57687bff42418c7aba5ec395432

                  SHA1

                  b9b860970bc366e37d606c0444a92052fdcfaa68

                  SHA256

                  bf741c964f0bba69b72f6b64b7cda8feb4915cd3eff6247618eb5b89ca211cdc

                  SHA512

                  170473d52e542d7ed8b7c316758524788dd95b4f70cd03f9fe916ac55d3e1e062c4a753e91d24d134f5fad75668b16de381cf99320dd35eb43d05afcb1f99456

                  Download Submit

                • C:\Users\Admin\Desktop\UpdateMeasure.iso.ORCA.1CF-C91-40B
                  Filesize

                  687KB

                  MD5

                  3b4462a046af7208867295a0fb02d5af

                  SHA1

                  7b34b423927d65d520fd85db394fe01cfa06b20e

                  SHA256

                  08588780db96c99287030e36d4ef305777537d985b9489f43188a1b11c91bf7e

                  SHA512

                  de8964de47867624ba7d9240733364d58401513968b114fa43537d44f0e3a40306fac48e5fa5fbe305ff7e28fb213ba559208c7afbe318391cd55b776cb48d6b

                  Download Submit

                • memory/1084-138-0x0000000000000000-mapping.dmp

                  Download

                • memory/1936-144-0x0000000000000000-mapping.dmp

                  Download

                • memory/1980-146-0x0000000000000000-mapping.dmp

                  Download

                • memory/2340-132-0x0000000000000000-mapping.dmp

                  Download

                • memory/2648-135-0x0000000000000000-mapping.dmp

                  Download

                • memory/3744-169-0x0000000000000000-mapping.dmp

                  Download

                • memory/4252-136-0x0000000000000000-mapping.dmp

                  Download

                • memory/4476-137-0x0000000000000000-mapping.dmp

                  Download

                • memory/4584-139-0x0000000000000000-mapping.dmp

                  Download

                • memory/4764-140-0x0000000000000000-mapping.dmp

                  Download

                • memory/4768-141-0x0000000000000000-mapping.dmp

                  Download

                • memory/4808-142-0x0000000000000000-mapping.dmp

                  Download