Overview

overview

10

Static

static

1

tzw_2.exe

windows7-x64

10

tzw_2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    270s
  • max time network
    78s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06/02/2023, 21:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tzw_2.exe

  • Size

    106KB

  • MD5

    f1ab4f5cbf5fc72c4033699edadc4622

  • SHA1

    858f3f7f656397fcf43ac5ea13d6d4cbe7a5ca11

  • SHA256

    c333a0afa8f9c38ff61d3618d8d3c7749e88cbba269c3345706898224da679dd

  • SHA512

    e4df529da677f28ce5e44d6756f11d3ea35a4170b1a55e745e8a1e971c136c8d2723d485a4776873a085e9e7efdd5ea6d4360ef75a358984aab0160af7393202

  • SSDEEP

    3072:2SXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1M:vHpVCf/mxeBuARij7b8

Score
10/10
persistenceransomwarespywarestealer

Malware Config

Extracted

Path

\??\M:\Boot\cs-CZ\ReadMe.txt

Ransom Note
Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71DYTOJDYT 5. and open ticket ---------------------------------------------------------------------------------------- Alternate communication channel here: https://yip.su/2QstD5
URLs

http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71DYTOJDYT

https://yip.su/2QstD5

Signatures

  • Modifies Installed Components in the registry 2 TTPs 3 IoCs
    persistence
  • Modifies extensions of user files 6 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 48 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 49 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tzw_2.exe
    "C:\Users\Admin\AppData\Local\Temp\tzw_2.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1496
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:832
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x58c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1772
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1680
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1984

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\WPDNSE\ReadMe.txt
          Filesize

          849B

          MD5

          dddd6f7b0646be4e2f942157fb645688

          SHA1

          a75acda7314829e4ebfa81348639276a55d631c6

          SHA256

          7d6c3e22511df93b23142f244dc916229c4d1deb8b6966365b22b4f8c4f131ff

          SHA512

          4c9ac52afbf604d84e54695105f50b806b07f4aa80b9182ba626ffa86786e8e82a11eb9467273bb0307eb5070e2457228aade1dc4e63b8663d41c22d62da7d87

          Download Submit

        • C:\Users\Admin\Desktop\ApproveMount.TS.TZW
          Filesize

          787KB

          MD5

          82174cf15a9908b9db7e737c0806fee7

          SHA1

          d28a9603bf87db6be3f9b8ec436c1e9c38f79cd8

          SHA256

          a9245679d45b81af8a60f0bf2c73e7cb787e354f0e32337e26dd5c7a2c477a67

          SHA512

          31b1ca71bca30d504e8d571e4eaf55ee514dd962ad419db2983797117bf4101af70a92f696b68308ccb9486b79c07549550bba67a36184a2cb4f7a6b38a54f25

          Download Submit

        • C:\Users\Admin\Desktop\CheckpointDisable.3gp.TZW
          Filesize

          413KB

          MD5

          5d52bbd942cb934cdb72947b923eb992

          SHA1

          ae5d1656d842e7e1338ac0e8b5f4c4c71a796215

          SHA256

          dd09ff5cda324ddaf6b5859acd0d64c8464c38828dde29adabcb3c9d6701bcea

          SHA512

          9f93d7a00fcaadd14aa165650a68f2fac319e94683550c8b6b1ace8583a98116ddd9e0e947f8afbb24994bd2a82bb87477fbf65803656f744a6d6c26c433afac

          Download Submit

        • C:\Users\Admin\Desktop\CheckpointSearch.temp.TZW
          Filesize

          974KB

          MD5

          94b701099df683ecde624855aa32711e

          SHA1

          8d7ac4dcff23bee8a37faf0ced43367ce631c7ed

          SHA256

          97552b2913ed9f72caa57c02c356938c09cbccdb7ce283ada7f33ac7abbccc6b

          SHA512

          c6231fde2d72fbdc877e1c7d7d1e30a4d9f0f005df2e6bf32e6b197521c53aa59e575d8f42f2dd553ea0ce4735d71fa5fc4341083af1861272e4b730dbd53f8a

          Download Submit

        • C:\Users\Admin\Desktop\CloseInstall.dll.TZW
          Filesize

          947KB

          MD5

          0b4b15f1ee3df297b708ad6cf9a4f59d

          SHA1

          53887e61a42c6a2bc5bfe883038d0c1baa9deadb

          SHA256

          6b4552534a567b764e535cef77822ce67344f87af167b17568142be1e9e89b92

          SHA512

          1e1698dd481ea0784d2eede990f558f7e017eaea8743c50bfd2b416fbc77d759e52bff8a668478b0314c7d0678090fa555694a6b64f65d646e8f47fa977af2be

          Download Submit

        • C:\Users\Admin\Desktop\DismountAdd.avi.TZW
          Filesize

          627KB

          MD5

          6ded8b2dd7250b29c0409121dcadaff3

          SHA1

          406cba8cd1078b2cd96bf8362e6be3d9168f33d4

          SHA256

          4124f33dcfba03434a546ac9b5af4711714c22691cbb11bd568501ba425b263e

          SHA512

          72253d2eda9a2a7c977998422b6574bd543f91eac63fede3a0c542928faf64f30d639d50a37181ae6bb6e29da828d148c8a27b24e11f9f29a9f30af45b4dbe1d

          Download Submit

        • C:\Users\Admin\Desktop\DismountStart.tiff.TZW
          Filesize

          600KB

          MD5

          09865a0e2238871baf8655ebc8deef90

          SHA1

          521b6ff07842468b7a6ae3e3072f40e253879a0f

          SHA256

          033d2574234ce1dc0d948e76b2be7aecaaf01f28d13e0bc1644dda12e507d435

          SHA512

          3b78b33edfe83bec2b3d9954fa34a339966829ed123eceb192e396428e6f7aae52d9b0309aab46ce75c91be1f8e836b224d48b2d63eee197e8e67e0653dbea0e

          Download Submit

        • C:\Users\Admin\Desktop\FormatEdit.cab.TZW
          Filesize

          920KB

          MD5

          533f4c7caf236b8bff5d6cb891bab85e

          SHA1

          f0006a63276608f4cce13f70b37cc395ef2b8f4f

          SHA256

          64d3b22e43dcc262c9d60864ea272558955831e8f869e4424d06676b9b985800

          SHA512

          7f8cbc08181e79d9ee23c9ce01c9be43e48b6522a1daf0737cb03b928f41a7f69cf25fc860d4a4efb7a6b6ff1104b13772f4fcaecd32914c0314c960784b1ba6

          Download Submit

        • C:\Users\Admin\Desktop\ImportWrite.jpe.TZW
          Filesize

          814KB

          MD5

          33d2a3134b6f22db3b60af5ba02a35d3

          SHA1

          2cf55b4a35ae8c7a3043f52628e2edced89361a0

          SHA256

          9a639c8f28f100fa71df7980d775171bd353f06a34b18025a3a058fdb58718ac

          SHA512

          29ed01e43ac6019b58009cbd31a87f599ce11b04a4aefab3d64fd614620519b26eb7314e219c145990e7b55ada1aa6d1bb78c2c66b8973f5e6da94784d369277

          Download Submit

        • C:\Users\Admin\Desktop\InstallConnect.dib.TZW
          Filesize

          680KB

          MD5

          73f21b411cb8b9af90f68524e9cba258

          SHA1

          73584d3d1bb03f34dffa60e6f85bf5963c8de9a0

          SHA256

          a0333b7cb8b6db0b1390f29e9028586fca3d498d7efc3c80cb8d0a827e3d902c

          SHA512

          eb0b4a9f048da515ec2a8989c5f20619f4bfd0c16db2c2b79051fa50c0757884aea620f7b46c230fdfa15fee7d4cedceb03642582a347bdb3653b5d56ef86d3c

          Download Submit

        • C:\Users\Admin\Desktop\LimitClear.dll.TZW
          Filesize

          734KB

          MD5

          81f68e4c1b3d03c2b56458812ee34a07

          SHA1

          a78b914af766e6201e936cf755e0cba9d7ef29d1

          SHA256

          cb011fe62efb0766e99aecece02fded2b878ffabc60345bebd384d16406ce349

          SHA512

          f07b117718e3e948decb80c8008375e07ca89b0b580b378ea67b72d7b11e182fe4bc2aa650a555f081ae6b9d6278a9823c89411625cc1a7a273dbcc64b39ab57

          Download Submit

        • C:\Users\Admin\Desktop\LimitConvertTo.ps1.TZW
          Filesize

          440KB

          MD5

          f72a5e81dd33074418c223096b1c28a1

          SHA1

          5b49ab61ba89a1744e455e67f966a1e36d707a41

          SHA256

          1d21f7576ebc149e62c6fcb69657b3cb79b4da7d043d6de9a68009803bac61fb

          SHA512

          bfb55d12ea83f5163804bfd34572356025be0a4bc02de225064077dbda57929616d7c63b033415dcbc2385a20173a54ae6c1db0406f148a11bf3f2de4c01d445

          Download Submit

        • C:\Users\Admin\Desktop\OutOpen.contact.TZW
          Filesize

          520KB

          MD5

          21e4ee41543906dd60f6470a2ee4a79e

          SHA1

          cf0b0f1dbbaf1ac13a8c058fd635357862df1d1a

          SHA256

          361c938e8868bb0f25f45476aaec65be1bb99499d1c8dc2ce3d3667d94c36075

          SHA512

          284e54540fd0e14382e15966096a3e386719c2c1c4b1b8e6a38183b02900ae7dffd85e489cebed623b31002d27178d3fb97af203b5ee92b465d51a64f17235af

          Download Submit

        • C:\Users\Admin\Desktop\OutSwitch.wm.TZW
          Filesize

          493KB

          MD5

          2835dbd255848a813cf1ca3529c9b95f

          SHA1

          55af5dbc75d5637a614160a0bc69565547b96540

          SHA256

          51ce7e4f639cbc187d065d19e72c29d0e2877d67d80175fc6524e23c39f1d195

          SHA512

          20ee5ea1deba795ced1d8d1568d954e84579d199e600591d8102cbd399131537b6861a94149721f633603d1193ba80e5813d7bfb4f6712712b31c02490fb3648

          Download Submit

        • C:\Users\Admin\Desktop\PushWait.DVR.TZW
          Filesize

          653KB

          MD5

          9a7df49c384b280f5bbcfe2d5a45b261

          SHA1

          b0bbaa0637eaf1e495a1b9103b1bf073d513c2b9

          SHA256

          a3c0fa30b26830adaa1ddbdb996f3381f1978827e3e3134ae7c980bcf4f60fc0

          SHA512

          d0dfec0cbb605c1528d2f9202704fb46d37c650a11034c0b3dcfa7c33bedde892af20799abf0cf0422ebacfd47e67a498a8316820255244e8199630e3fb2b95e

          Download Submit

        • C:\Users\Admin\Desktop\ReadMe.txt
          Filesize

          849B

          MD5

          dddd6f7b0646be4e2f942157fb645688

          SHA1

          a75acda7314829e4ebfa81348639276a55d631c6

          SHA256

          7d6c3e22511df93b23142f244dc916229c4d1deb8b6966365b22b4f8c4f131ff

          SHA512

          4c9ac52afbf604d84e54695105f50b806b07f4aa80b9182ba626ffa86786e8e82a11eb9467273bb0307eb5070e2457228aade1dc4e63b8663d41c22d62da7d87

          Download Submit

        • C:\Users\Admin\Desktop\ReceiveSelect.ico.TZW
          Filesize

          573KB

          MD5

          831f7310b3648f9feacdef61dd89bdea

          SHA1

          2c9e28c35756f77b7f20db2ee0521ffa727ff38a

          SHA256

          c78dd68a779e177ce835b90db03824ca49d0f0e2dc0a180439fff155e9cfae28

          SHA512

          e9c87b99494e162cc149931ca0f1fab61f436e46106ac80aa1881069e0f9431cbf4da68b1fe40a4121c100b0c8e9874b0448ee33475c60a2c3049895e66d263b

          Download Submit

        • C:\Users\Admin\Desktop\RegisterUnregister.ppsm.TZW
          Filesize

          760KB

          MD5

          6edbe80911ad8ee1d8ed43acbd627f03

          SHA1

          5932488c43e3d1abeb6c2e0466cd5de5c71ae90e

          SHA256

          441434f82cd7c71fdc0b68d5df330910679dcc4e031cdd0a015a3d9e24aea980

          SHA512

          6286748ba4d8d32e1b389d1740612fc2d8cff16383580f38427e9d982d5020f5b76fff60497835ae3a8d90df3a0c4417cb72abb26054812ced9feb5c0533cbeb

          Download Submit

        • C:\Users\Admin\Desktop\RepairPublish.m4v.TZW
          Filesize

          1.4MB

          MD5

          fb538c3518cc9dd98aaafab502d147e3

          SHA1

          81e0f0421fa66e67d79fab5fe266e60e5588b2ab

          SHA256

          a0f4d6aed3e14c7d0b237933fff54bcf4ea069a813e8b7f2a699176d2210c295

          SHA512

          4154f1e7d64d9c8f653ee47796cad6d8ec017ab534b30d990bf05c0ba2acefccb64fbc704c3f4f60be49cd2066d41448842921db227fb35e2a78482dfceda173

          Download Submit

        • C:\Users\Admin\Desktop\ResetSwitch.ttf.TZW
          Filesize

          360KB

          MD5

          a16fe30f849ee6450398c897ad5472f2

          SHA1

          69361e94082883b73b6bef484da30d7026aa21f1

          SHA256

          482ad3c10ccc14089bb8f2addcb549f0b56175456abd6720ba5a8c25d3fc7fa9

          SHA512

          013abcbea2ab983c9d4466a9526e3daee36581d5682d16d98e78e357fa4ddc003328e0216950b87448e995ac515655d85858c3a9eb0e99464da22d478deb2249

          Download Submit

        • C:\Users\Admin\Desktop\ResolveWrite.wav.TZW
          Filesize

          547KB

          MD5

          e876fbd285f834ea6a1dd2e1b8790ef4

          SHA1

          f7efa7d07bfb28dac60d77f577aa406079a865e6

          SHA256

          81beb74065ec4da590854cd311544d10f0b7a9ed0851c8f504bb7f3a84e67e89

          SHA512

          e3c50eca32cedeb330225fcd5ca7345b34835762543029f267ca22f4aff566db312df43ac3954382d10c0bab4fcbc8c4b734711c24ebb673c4901f4f63e88eaa

          Download Submit

        • C:\Users\Admin\Desktop\RestoreDisconnect.mov.TZW
          Filesize

          387KB

          MD5

          b8e5aa4b9c45e966ed7085341de4160e

          SHA1

          97d43fdd99572b61132c981dd7a313fcb66f9296

          SHA256

          ea2a30198af619d3284c57cb7005f543cc9b6f424a3ab891f5c8c477802a2e18

          SHA512

          78185911e6bf779cad11296fdd23489cb4afdedfdfe4669e2c776824d4f00380730ccf8c16d311c3ca5fc46b52a8a69d14c1fc184b39924147defdb54fb9f90d

          Download Submit

        • C:\Users\Admin\Desktop\SelectEnter.rtf.TZW
          Filesize

          840KB

          MD5

          51b01410df2332a5afbe0e2a12a0dd0a

          SHA1

          e6b4bd47312fda9ef8bba3fbb60cba6a85950907

          SHA256

          e626f6b90871f89ca9f87968d084850bf60c3beae468c323a8dbe444785c18a8

          SHA512

          93aa2931da40fab7022b183af2945bd8554b7c505fa1f6545bfb2ba6a5dd1ea81d32e2a7d5d520b491c7e138e9874960c648797477ca7296e53cf1910440b816

          Download Submit

        • C:\Users\Admin\Desktop\SelectInstall.mp3.TZW
          Filesize

          894KB

          MD5

          54bff659fd392dd37d64820b3c9ce3c6

          SHA1

          e2e2d4964903593e1078e6d5dd4debeb26b17b13

          SHA256

          4c8df72bd1f0571e8ab05989a2aab3f1f77a3c6cdecec5a040a6459c9cac4a2e

          SHA512

          005042a03eadf274983f75c53f243ffb86a6c2f2af70af6bd6f98261bff0870b743717bcc7ad3e4c7ceb8b4a53d5a60355cc4dd858c42b71c21b3a01826c048f

          Download Submit

        • C:\Users\Admin\Desktop\SubmitResume.xht.TZW
          Filesize

          1000KB

          MD5

          5e0963f53f823d3e04183c1920f774da

          SHA1

          6254e6e0f95680ab01f3c5ce888b89e27f9c662d

          SHA256

          c1d1e60aee17692acfb6e7e45254dfa0891f53d650321284d93626d67a474dff

          SHA512

          87d5d447bd29a9b5accf7bc99a21ae142341d7cbdd4e4e8c56f3b7ffe77067d828185975e3954f1bcf7dcf5f9a729a7e859bce9af7dfd56289e9d1e86ba22a5e

          Download Submit

        • C:\Users\Admin\Desktop\SuspendUnpublish.nfo.TZW
          Filesize

          1.0MB

          MD5

          a5761612a7a75ba41856e81d0005d97a

          SHA1

          d484d3c778280ce89bad573cd680ec72e6402b58

          SHA256

          9cf9fae3d043f5ccce844928fa314a6e0a49da4f3f836a6eef53c736934207e5

          SHA512

          19f9ea30733a32e2a4c1fe6801705c7b99b05fdd5838eb94e959841d1effd219095d02e21c3f5cab3a063b5e13ecf4616fba2792dd89fc3bbddf0e95785e2da5

          Download Submit

        • C:\Users\Admin\Desktop\TraceGroup.AAC.TZW
          Filesize

          867KB

          MD5

          8717a0f3d66d82cca3efce4efbbaf287

          SHA1

          cf2c2660fbab4f6d471b1eae87a5de97cb4f1fe1

          SHA256

          305100b46a10b62f801100537805fe77f2a3c490c3e5ee1dad47101add5f3331

          SHA512

          d3b2bc0e7f156b0dcefa9e22bade61afe7ee49b78b0e8008a3217d56535ffe174ee62939fa2fc0b3d07099fa2ea3089cb922ba10f7ed41e97282b9ca18e6e9b4

          Download Submit

        • C:\Users\Admin\Desktop\UndoRestore.easmx.TZW
          Filesize

          467KB

          MD5

          f930324be4e9aee1e969acc825e66f66

          SHA1

          d08533ede1de96b671671f6ca32c01a4cdd01c91

          SHA256

          86c98ca2f7e97554bb1ab81fcb109b26798a8b221ed206a7b9cf3d85d093fffb

          SHA512

          a9693223295275001f85037a75c5693cc174cf454fd00ae1bda8be4ac210a1953451a2d9dbc2faeb63524e872b0f1f7b91bd572b8c4896ea197e3c2b0c7f8f52

          Download Submit

        • C:\Users\Admin\Desktop\UnpublishEdit.pptm.TZW
          Filesize

          707KB

          MD5

          ba6bdcfff9448d5542d55f20c4e9adbb

          SHA1

          aadb4129cd8e84fb3bf58a796216019f3770f3ec

          SHA256

          eec02fade863d07e386dd761dff703684390e0d3c4c6365ccf36240187f1fe9c

          SHA512

          ba0cde5c01a8d2c4cce4cde55228f5dcc5e1b61f773cae81683a37dd9e71fa39624e20478978073f7263a106e1d3764f63802b1181ac27a828749e0238bb70aa

          Download Submit

        • C:\Users\Admin\Desktop\desktop.ini.TZW
          Filesize

          363B

          MD5

          78b541a66a90337c1729c3916bca8d33

          SHA1

          cdd9d0f98f364814916da60e52da1203759830c8

          SHA256

          10114d5dfa26b9c6080af8c6efc73f2e600853d0cacdebde65d9553e5edf5ed2

          SHA512

          cb2cf3afa79621bf9512668a7de00e369ed327973fac5ac6276d096f59736c52b93874c3e84d141b017aa666bd2867a5ab20eb7459e841ece0d5de148c642778

          Download Submit

        • C:\Users\Public\Desktop\Adobe Reader 9.lnk.TZW
          Filesize

          2KB

          MD5

          78fa1b8782b658e2a17841aa3b8bd12c

          SHA1

          b88f0c1ff20eb670573a319403b47b0d76fed343

          SHA256

          2f6b3d47bf540327787d37228e7717fc6c8053b323cc8f5a669719434ef1bc3c

          SHA512

          e4001829f8334469061c8ede00b090f2488a46275f9fe164e6513a38ef7712e0a66e8e92e117144c110f01eda5c46a4b19c97dcd63395851f035315e87f12f41

          Download Submit

        • C:\Users\Public\Desktop\Firefox.lnk.TZW
          Filesize

          1012B

          MD5

          2b117dcf358cf45a051b1bfc01d75314

          SHA1

          21aa91c78b0c3b969b7fd0bac2c1924c0c3b2536

          SHA256

          ef53b2837f365306c884f79a929cd56efeb1c7a45a5b26d8817b5b4e5132aca1

          SHA512

          cdb2b0fe6bd53acaf01a501faefbfce263a5c2d8eff3e8976e57a099a71155afd8e187dbd7513e3da0e47f602f4c08971976725d4ff0fa7644397a1ece0dd371

          Download Submit

        • C:\Users\Public\Desktop\Google Chrome.lnk.TZW
          Filesize

          2KB

          MD5

          dc748099fff58dfa38a60d4f52803f59

          SHA1

          1a0b89c0b99e25206b65c163e52b9b19c8ccaa14

          SHA256

          c2f9e6acb329941ba80432ecceeea6d35f87f3498d6e09dac596e462d7401d01

          SHA512

          3a8db10fee413a5cb007c489e76259952ffbafe9c8707df6df25696b0693e3b0edd97d8bff42d1987e7bcbe624e1acb61295ab4add5540945b59361d8a4b4883

          Download Submit

        • C:\Users\Public\Desktop\ReadMe.txt
          Filesize

          849B

          MD5

          dddd6f7b0646be4e2f942157fb645688

          SHA1

          a75acda7314829e4ebfa81348639276a55d631c6

          SHA256

          7d6c3e22511df93b23142f244dc916229c4d1deb8b6966365b22b4f8c4f131ff

          SHA512

          4c9ac52afbf604d84e54695105f50b806b07f4aa80b9182ba626ffa86786e8e82a11eb9467273bb0307eb5070e2457228aade1dc4e63b8663d41c22d62da7d87

          Download Submit

        • C:\Users\Public\Desktop\VLC media player.lnk.TZW
          Filesize

          959B

          MD5

          174fac63d760fdf9e75a8a8460d2fdbe

          SHA1

          1dac08c90ddb98cacf12eaf5f2e79b992acde385

          SHA256

          aedae752304074fdbe698737ac5902fe30349295c0c2d300f5fe515909672877

          SHA512

          aef1e54c70597790a10f727035220dc498da9c535c357288bf4c10f508b3b505418f78e0c70f2b9a8c7b67579012ee2981bd7ca1e3e6e697991a575cafcd48c9

          Download Submit

        • C:\Users\Public\Desktop\desktop.ini.TZW
          Filesize

          255B

          MD5

          2d82e8036dd726e7ba27e50c62e8dc43

          SHA1

          caf40a443ef74f6f8408ac5bfb41117124bb3922

          SHA256

          0459a0ddc48709a4a0fe05a9ae9828426421d746c772d4d35508f833ea225dd5

          SHA512

          29f9fc8f10e1e78850acf31759af457c2db520273e54f4d88c5dcf3354a11c366d2989774f49cf5311483e51fc70153674b890c10f4ad836d4a3ec865d856554

          Download Submit

        • \??\M:\$RECYCLE.BIN\S-1-5-21-4063495947-34355257-727531523-1000\desktop.ini
          Filesize

          129B

          MD5

          a526b9e7c716b3489d8cc062fbce4005

          SHA1

          2df502a944ff721241be20a9e449d2acd07e0312

          SHA256

          e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

          SHA512

          d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

          Download Submit

        • memory/832-54-0x000007FEFBF61000-0x000007FEFBF63000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1496-57-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1984-58-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1984-95-0x0000000002320000-0x0000000002330000-memory.dmp

          Filesize

          64KB

          Download