Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

64f38d7bf4...79.exe

windows7-x64

10

64f38d7bf4...79.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79.exe

  • Size

    400KB

  • MD5

    701866df405b186ee9cd163328f8cd10

  • SHA1

    f5eef955245e0b5a497e09c17eeb160742530875

  • SHA256

    64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

  • SHA512

    a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

  • SSDEEP

    6144:kHbbELf/MR/cWdi5pV/JNWOVhMW668UXreVX7IcJIch:AdOpNX1hp8U78JIch

Score
10/10
salitybackdoorevasionpersistencetrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Modifies firewall policy service 2 TTPs 3 IoCs
    evasion
  • Modifies visibility of file extensions in Explorer 2 TTPs 13 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 13 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 12 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 16 IoCs
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 19 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 1 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious use of AdjustPrivilegeToken 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    1⤵
      PID:1348
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1412
        • C:\Users\Admin\AppData\Local\Temp\64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79.exe
          "C:\Users\Admin\AppData\Local\Temp\64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79.exe"
          2⤵
          • Modifies firewall policy service
          • Modifies visibility of file extensions in Explorer
          • Modifies visiblity of hidden/system files in Explorer
          • UAC bypass
          • Windows security bypass
          • Loads dropped DLL
          • Windows security modification
          • Adds Run key to start application
          • Checks whether UAC is enabled
          • Enumerates connected drives
          • Drops autorun.inf file
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1948
          • C:\Program Files\Windows Common Files\Commgr.exe
            "C:\Program Files\Windows Common Files\Commgr.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious use of AdjustPrivilegeToken
            PID:1824
          • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
            "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious use of AdjustPrivilegeToken
            PID:1764
          • C:\Program Files\Windows Alerter\WinAlert.exe
            "C:\Program Files\Windows Alerter\WinAlert.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Loads dropped DLL
            • Adds Run key to start application
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1756
            • C:\Program Files\Windows Common Files\Commgr.exe
              "C:\Program Files\Windows Common Files\Commgr.exe"
              4⤵
              • Modifies visibility of file extensions in Explorer
              • Modifies visiblity of hidden/system files in Explorer
              • Executes dropped EXE
              • Adds Run key to start application
              PID:1332
            • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
              "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
              4⤵
              • Modifies visibility of file extensions in Explorer
              • Modifies visiblity of hidden/system files in Explorer
              • Executes dropped EXE
              • Adds Run key to start application
              PID:1712
          • C:\Program Files\Windows Alerter\WinAlert.exe
            "C:\Program Files\Windows Alerter\WinAlert.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious use of AdjustPrivilegeToken
            PID:896
          • C:\Program Files\Windows Alerter\WinAlert.exe
            "C:\Program Files\Windows Alerter\WinAlert.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious use of AdjustPrivilegeToken
            PID:1136
          • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
            "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious use of AdjustPrivilegeToken
            PID:836
          • C:\Program Files\Windows Alerter\WinAlert.exe
            "C:\Program Files\Windows Alerter\WinAlert.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            PID:1528
          • C:\Program Files\Windows Common Files\Commgr.exe
            "C:\Program Files\Windows Common Files\Commgr.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            PID:1760
          • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
            "C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            PID:1144
          • C:\Program Files\Windows Common Files\Commgr.exe
            "C:\Program Files\Windows Common Files\Commgr.exe"
            3⤵
            • Modifies visibility of file extensions in Explorer
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            PID:760
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
          PID:1244

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342
          Filesize

          2KB

          MD5

          5b114290a8d04ff6892a7768f86ba0ac

          SHA1

          49601c54df12681b512652f5607b8be877d2ca4b

          SHA256

          d66866d729a1cded6f54732ed331631239103f9428b24a1ee06850305e087e45

          SHA512

          2ec9c058244c2f2e514729762275c8b0488ab6cad4873d88469417d8037dc9662001a95818d347d40dd98e6f16869b987cd740e4988b065097aac5a16f00297c

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342
          Filesize

          8KB

          MD5

          39422a7ae409be6dd4d6547177c5a629

          SHA1

          4ffabb898066c6ee5e49f8a17ada5da15f348c79

          SHA256

          6f2e4f80ca849907ace284a4d7e3c62dd81bc75109c6a24fe9d7a9581345fe2d

          SHA512

          42fe298976aa373ad7a84f38571c4f22aa71f2ed146245fca9b97ce8073fe3cdb0c8e143fcb7ee39e072a74437ec93d751b9802a1ac70f652ba28399ed78ac44

          Download Submit

        • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342
          Filesize

          4B

          MD5

          d03d864b7f43db9ce34df5f720509d0e

          SHA1

          30567f6b52af60449a6113d3c80fb9f850b7426a

          SHA256

          ba4f25bf16ba4be6bc7d3276fafeb67f9eb3c5df042bc3a405e1af15b921eed7

          SHA512

          c3e5381f393d246e84425330e730aaf188c7ab0569da96abef576d9173f816ef81b3b61813387515ad6a8e3a93685aa57b211255ad8db46237b39955c9dd9d06

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\006CED5C_Rar\Commgr.exe
          Filesize

          324KB

          MD5

          48f66db7975ac9be41883d9c63dd7a74

          SHA1

          81c65a8e095736e316eb9a269b84066d7593b155

          SHA256

          32b1a8ec877f7357dccbc149ba4909e276686db3cfc2859bcc9f91631c4a7624

          SHA512

          b1e49cc21354c1ac44a6ac40bef031afcae8f4c2886d6d01ddb8a79db5ff5dbb2ae3e0d65449274535d6822defd6da5cd0e7d573e42cd3578cb8f95937471f17

          Download Submit

        • \Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Alerter\WinAlert.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \Program Files\Windows Common Files\Commgr.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • \RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
          Filesize

          400KB

          MD5

          701866df405b186ee9cd163328f8cd10

          SHA1

          f5eef955245e0b5a497e09c17eeb160742530875

          SHA256

          64f38d7bf45677bc986cb40a2462c9596dd47cd2f78f442552b84f60010c3e79

          SHA512

          a9175a1e36b7ed92ae6ae62ff9cf55bc77a5a06aae14228370c111a44457d144d76d284115f666ee1f2fed27cc67858fd40ac22dc09922b7f6c57338cd034f17

          Download Submit

        • memory/760-154-0x00000000001E0000-0x00000000001E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/760-144-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/760-157-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/836-123-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/836-100-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/836-106-0x0000000000290000-0x0000000000292000-memory.dmp

          Filesize

          8KB

          Download

        • memory/896-85-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/896-136-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/896-104-0x00000000001C0000-0x00000000001C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1136-114-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1136-105-0x0000000000290000-0x0000000000292000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1136-99-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1144-140-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1144-151-0x00000000001D0000-0x00000000001D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1144-159-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1332-149-0x0000000000230000-0x0000000000232000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1332-113-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1332-160-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1528-142-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1528-158-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1528-152-0x0000000000230000-0x0000000000232000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1712-141-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1712-155-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1712-150-0x00000000002D0000-0x00000000002D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1756-163-0x00000000075E0000-0x00000000075E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1756-112-0x00000000075E0000-0x00000000075E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1756-168-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1756-83-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1760-153-0x0000000000290000-0x0000000000292000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1760-143-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1760-156-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1764-169-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1764-162-0x00000000001E0000-0x00000000001E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1764-84-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1764-103-0x00000000001E0000-0x00000000001E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1824-161-0x0000000000310000-0x0000000000312000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1824-102-0x0000000000310000-0x0000000000312000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1824-167-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1824-82-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-81-0x0000000009DE0000-0x0000000009E44000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-58-0x0000000000250000-0x0000000000252000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1948-98-0x000000000A6F0000-0x000000000A754000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-57-0x0000000001D70000-0x0000000002DFE000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1948-80-0x0000000009DE0000-0x0000000009E44000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-56-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-55-0x0000000001D70000-0x0000000002DFE000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1948-146-0x0000000000250000-0x0000000000252000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1948-145-0x0000000001D70000-0x0000000002DFE000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1948-54-0x0000000075091000-0x0000000075093000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1948-164-0x0000000009A70000-0x0000000009CE8000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/1948-165-0x0000000000400000-0x0000000000464000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-137-0x000000000C450000-0x000000000C4B4000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-139-0x0000000009A70000-0x0000000009CE8000-memory.dmp

          Filesize

          2.5MB

          Download

        • memory/1948-138-0x000000000A0F0000-0x000000000A154000-memory.dmp

          Filesize

          400KB

          Download

        • memory/1948-166-0x0000000009DE0000-0x0000000009E44000-memory.dmp

          Filesize

          400KB

          Download