Analysis

  • max time kernel
    75s
  • max time network
    36s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    08/03/2023, 20:24

General

  • Target

    LB3.bin.exe

  • Size

    147KB

  • MD5

    c1eb609c9ed588d372091d5531a74aeb

  • SHA1

    faf042b6cef13d0d46c5b5e7f3f5a595fa0a5952

  • SHA256

    7a59f387a926696968bea7c8f891e79d7410c989bd6f20b77a3e5a2a29f0363e

  • SHA512

    828356900e5dc26d4e371b76504dfb4af3b4594708cb4acc76b22e69dc1766f5558ff55d0cbe0fa408fb97ca5741a08f6551b29fddebf6cddb35b6c0084a40c1

  • SSDEEP

    3072:w6glyuxE4GsUPnliByocWepkEa9YmM31iA9uHZiW:w6gDBGpvEByocWeJhRFwAW

Malware Config

Extracted

Path

C:\zvV4dTvWn.README.txt

Family

lockbit

Ransom Note
~~~ LockBit 3.0 the world's fastest ransomware since 2019 ~~~
>>>> Your data are stolen and encrypted
The data will be published if you do not pay the ransom
>>>> PAYMENT :
Step 01 : Send 5000 euro in bitcoin to the following address : bc1qvmcaphjgaphshzl65m4um98ffwr6w3ztdchw4y
Step 02 : Send proof of transaction to this telegram contact : @P3NT3ST_R00T (https://t.me/P3NT3ST_R00T)
Step 03 : After verification of your payment a decryption code will be sent to you.
>>>> What guarantees that we will not deceive you?
We are not a politically motivated group and we do not need anything other than your money.
If you pay, we will provide you the programs for decryption and we will delete your data.
Life is too short to be sad. Be not sad, money, it is only paper.
If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future.
Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
>>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID
>>>> Your personal DECRYPTION ID: FF3BF712A630DBD20A864612A64B4C42
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!

URLs

https://t.me/P3NT3ST_R00T

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

  • Modifies extensions of user files 10 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: RenamesItself 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LB3.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\LB3.bin.exe"
    • Modifies extensions of user files
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\ProgramData\784C.tmp
      "C:\ProgramData\784C.tmp"
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\784C.tmp >> NUL
          PID:436
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x150
        PID:1376

      Network

            MITRE ATT&CK Enterprise v6

            Downloads
