Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

r.msi

windows7-x64

8

r.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    81s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2023, 08:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    r.msi

  • Size

    270.5MB

  • MD5

    522c0b0d445c62cdeb0a80bcce645d57

  • SHA1

    5dad52c67d114f7a3a5a1e7ae5b15b581054d468

  • SHA256

    957639998125a31c998b0104dba7f463d0659716a0a5b62fcc82eb28a0c0477b

  • SHA512

    97da31389ca0986c5f63244573ad0edd6c83feb7e9c44557acfb51832db308c6165cdd390d1555ee8dec941cc0cb896fa1ccc59cbf7b9de9610003f0bd2e8a48

  • SSDEEP

    6291456:FTUNwNgD8hhlK4sCC90uWHgnNfTSeHRAod2da0Dmq75UpY21DYJ5HI:1UN5DqKnCULtnlnAM2kE5Gco

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks system information in the registry 2 TTPs 1 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\r.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:920
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep bypass -file "C:\Users\Admin\AppData\Local\Temp\Package Installation Dir\citr.ps1"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:392
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
        "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1eijkopt.cmdline"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1796
        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
          C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES15A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC149.tmp"
          4⤵
            PID:1880
      • C:\Users\Admin\AppData\Local\Temp\Package Installation Dir\CitrixWorkspaceApp.exe
        "C:\Users\Admin\AppData\Local\Temp\Package Installation Dir\CitrixWorkspaceApp.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1532
        • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe
          "C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe" "C:\Users\Admin\AppData\Local\Temp\Package Installation Dir\CitrixWorkspaceApp.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:292
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:796
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000520" "00000000000004B0"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:272

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\6cc47a.rbs
      Filesize

      7KB

      MD5

      ddf411762e0293a8c89215df10a24e47

      SHA1

      6a54cc945aa90b75f0ad1f694770d950f0cd8e25

      SHA256

      1ed50fbb4b6b2ce06a7ad175625e3b655211c1a515666bfcd92d31c712778e84

      SHA512

      99caf80f1e4b67aaeca7d76b8d79ca7db7cbdc6324689dbd9f2a0a163ef705a64539a9e2870715533843e8b9a0c85ae55434fa6eb12185d0d21118ae90b4fc65

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560
      Filesize

      1KB

      MD5

      e94fb54871208c00df70f708ac47085b

      SHA1

      4efc31460c619ecae59c1bce2c008036d94c84b8

      SHA256

      7b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df86

      SHA512

      2e15b76e16264abb9f5ef417752a1cbb75f29c11f96ac7d73793172bd0864db65f2d2b7be0f16bbbe686068f0c368815525f1e39db5a0d6ca3ab18be6923b898

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      60bd73540c135f27f14936570eec89bc

      SHA1

      ffdd186d71645c56ec80a189ebbaade57042d67a

      SHA256

      26c7cd834b6ae5e695a9340e2396001be2a206a1829594f319c8bf6c436749a0

      SHA512

      d28554ed17872e86ad99efccfafdb9ad58c290e8521545a009df872b120ce8034d6075e1d41e359988bce76b76bee758017a3eae58cd46133f4ae2dc140de1d1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560
      Filesize

      264B

      MD5

      acb354500d456eeadc7523ab5e2d2c10

      SHA1

      5a906d33fb31f08901dc26060ea186a1a59dd5a4

      SHA256

      d556bdfb5be080c02eafcc5ce3cc2dc922f9f13a02c518767cb7298e44a5e62f

      SHA512

      5ec1f150db922ecd8b91e69a8822d6152a62f014ed1e3ab1d022a50886d87e679578ebe3e6bf6b3616a525a1b1fa0d63b11d14d040404d37f5d011054fe308d5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1eijkopt.dll
      Filesize

      3KB

      MD5

      9f6d73634000b45d0bfe33965949536d

      SHA1

      8cbc7edeeba5af9bd353894eac7700f039075ac3

      SHA256

      22883ffa30b6919f627c97992b412c43c8a7dfa6595dafc8a9fb60282b57fc9d

      SHA512

      a572dfb3fce78df019757941440372c06e512a150bf918de894dbb6a83f8428ea36ec2c69267dd6664a047ebf03cf71ac0b6322dd40061e46da3d7ab5acfd1e5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1eijkopt.pdb
      Filesize

      7KB

      MD5

      994fba99c81d81035b1f50d560ef6ad1

      SHA1

      9bb6a4113bd39c1b8dc025e52817fa6120f57281

      SHA256

      6d761353385ebd139220d7040fcd10ad2ee4098f6b119a69713fe1389bc48d8a

      SHA512

      1bc39a47e61c925ba7a7bbde71086243850dd8ba095d461e51f35ec390b81b3c880b0c8f1256bd65b74fd88876c4d8dc74dcac46f134779221a6e858ffce8112

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab4369.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\AnalyticsInterface.dll
      Filesize

      994KB

      MD5

      4bff4cc33f8ab15c1ac720b6699865e2

      SHA1

      2696dd32299ef75fec43c4807b56a71c4c277af4

      SHA256

      be31bb68f16d8cc98f46e7257bc49f26ad79c0bb2103e3ceceddd4ca1ac4f590

      SHA512

      07d7b2fcd18da018b81c102495d37eaf1221f8d9829fe483b7523ef0d73e820b038a12f63e37f1a513bc7090cb55fdecddc1adbdbff020c1479967b3df000a87

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\CitrixBrandingHelper.dll
      Filesize

      2.0MB

      MD5

      9492de748b5febc6c13b766842bf0a08

      SHA1

      2766bf3beef833de76998455dc08d5867bfbe57a

      SHA256

      05b74d3260f319b746907a4e57fd0e66b1b9b2082ac802830022c642935b0509

      SHA512

      2c102153694d6118d19ef5db5e11effe0dce5e937e4010cc6ad87578ea68776ae41f45d7f3c771a47ebe0dec30b2bd36c2201b8597b60e4a90ad6d3d7b1fe341

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\Receiver.ico
      Filesize

      264KB

      MD5

      aa1d501f4eb554413e2bcc3a2cb8cde3

      SHA1

      14757a2d8dcc8da22abf4a9d14cb6cbcd071282f

      SHA256

      e45cad74493df15b604449e27b3932c01e345f16e19ab8767a6fa23d50707764

      SHA512

      b718de474018b4c8d0da83c531c917b513234a386ba2aec839369988768e78a1bad9773e100fe89496c3f87dd3b6a99211ad3c0d211e8b108a7a2a10951e4305

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe
      Filesize

      5.9MB

      MD5

      b1fb983c2fbb56c5954cb32f63b81ebe

      SHA1

      dbea158f714d4a8ee525f9c8a3de0c859f9ea1fe

      SHA256

      d5388d1cec333cb1fe008f4226c341a4209b291b8264fd7f8f6c4196257702a9

      SHA512

      6ceeff10a02262a8367249eca3f1b57b247e10745e9ee2b265f1c119e15dbf4441cfc5941125fbb7833eb7a78da1a60465ab1f5addd4f22659987fb73190a122

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe
      Filesize

      5.9MB

      MD5

      b1fb983c2fbb56c5954cb32f63b81ebe

      SHA1

      dbea158f714d4a8ee525f9c8a3de0c859f9ea1fe

      SHA256

      d5388d1cec333cb1fe008f4226c341a4209b291b8264fd7f8f6c4196257702a9

      SHA512

      6ceeff10a02262a8367249eca3f1b57b247e10745e9ee2b265f1c119e15dbf4441cfc5941125fbb7833eb7a78da1a60465ab1f5addd4f22659987fb73190a122

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpressUI_en.dll
      Filesize

      3.1MB

      MD5

      748674a3f4fb964b774c9df13c10e145

      SHA1

      2e115ca53fabcab37ca12177042e2b89794ee787

      SHA256

      b2a7f96b3c6345b1815e018fdebf122439deda71d715779644fd661a39b370af

      SHA512

      24d4fe341957af2b50de33abbe7c3f2e7fc33ad1507079141f96ae990d35ce74c8640cff274f00e76e839b06ccfaedea30222c44047cd494c2f8f4c7ed46b884

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\UtilityCpp.dll
      Filesize

      48KB

      MD5

      6a159a4511565020a725cdb2ed22755c

      SHA1

      3ea8ac65b1787ce006df7f9158646aaaac236459

      SHA256

      0a320d86ccaa9a2f43f8cc7a503eb4121078a84607360c6c4e13e0ce62d805df

      SHA512

      a595b23d879e3bc3cc52379a20182736d02c6bb5568fbd3270ad629d0f2069e2f8068483f550fe8e0ba2727902d563a70ee6cdafccac552bddfd40e852cf3213

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Package Installation Dir\CitrixWorkspaceApp.exe
      Filesize

      269.4MB

      MD5

      9fc9236fd9fc3fede8a6b2c64965696b

      SHA1

      0b090e64f788cd5ebf1a5afdd402d533facf2415

      SHA256

      046fc29661664bbc1e8c560c76bca11ef2386b0537ebb4369799f92e81e05dc2

      SHA512

      7d1b435a7d57c91ad766f8cca55545c7f2decf13427bbbaf21eb23ae498791ca469a1739419b1c8e4774e1c0b700b8257ef57ef14bd6f95db22eb63c3ef24d1b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Package Installation Dir\citr.ps1
      Filesize

      2.2MB

      MD5

      6f255f7dfc19b858d78285ea03ec8f1e

      SHA1

      4e03cfe945f403360d560f402cfeec8a4da51017

      SHA256

      23fab0dc1bdc6e0cfa3e3365b286d03382c495e7a5ccc9f9a5a01bbf86bc0b3a

      SHA512

      ec66c8ec98a9872dff89abfbe06057cc6dc9ce1199be021ef32201dcfe87e473cfe69c5db7fa61f6d09b19cef541af03344532833e37faeb2a3989c8bffd291a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\RES15A.tmp
      Filesize

      1KB

      MD5

      901766cb7a2920d24820d61fc8c7120e

      SHA1

      34c28e54ce3f3cbaaaac530396ff9019f9c61094

      SHA256

      86066ae7aaa3d970f217e6ed53c8cf91c9b547c02e75e9a0d395be09fc6013ec

      SHA512

      b9e8fac4dfdd0a47bfe9d57f16cc1f3480f6893419f977b69b69aec131f7e9d748c1fc8fbe22c6ed0a5c4306190baa37f68aabf1a95fc1a9de0797fed77b8a9f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar4476.tmp
      Filesize

      161KB

      MD5

      73b4b714b42fc9a6aaefd0ae59adb009

      SHA1

      efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

      SHA256

      c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

      SHA512

      73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar4634.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit

    • C:\Windows\Installer\6cc478.msi
      Filesize

      270.5MB

      MD5

      522c0b0d445c62cdeb0a80bcce645d57

      SHA1

      5dad52c67d114f7a3a5a1e7ae5b15b581054d468

      SHA256

      957639998125a31c998b0104dba7f463d0659716a0a5b62fcc82eb28a0c0477b

      SHA512

      97da31389ca0986c5f63244573ad0edd6c83feb7e9c44557acfb51832db308c6165cdd390d1555ee8dec941cc0cb896fa1ccc59cbf7b9de9610003f0bd2e8a48

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\1eijkopt.0.cs
      Filesize

      203B

      MD5

      b611be9282deb44eed731f72bcbb2b82

      SHA1

      cc1d606d853bbabd5fef87255356a0d54381c289

      SHA256

      ee09fdd61a05266e4e09f418fc6a452f1205d9f29afba6b8a1579333dc3ff3b6

      SHA512

      63b5ad7b65fd4866fb8841e4eee567e4f1e7888bb9fda8dd5c8dca3461d084d3f80ce920ae321609e4ff32ba13a55b7320282ce7201bb74a793d4700240360a4

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\1eijkopt.cmdline
      Filesize

      309B

      MD5

      7ff43fd6a016e1d4dedc031a69fa4a3a

      SHA1

      4a6beb45248f49189be39b9975fe7fbf67479d22

      SHA256

      86b8cf79746e94ff1ffa48c93fb1c8e410b7d8286a8115da217accc3c8ec1aec

      SHA512

      14a750e246c7626bfd9c4c2b40de72c91fe60e94760e941eb18cc3c50103c57cb96563e45abd9c1bcf7579ea3ded1ebc20e35c09ece0a4e8309b3c554531c0c8

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\CSC149.tmp
      Filesize

      652B

      MD5

      f69d027f0aff303876eba0cc2538f327

      SHA1

      4b8f04129dd38b5f037d415f1b6cc204801047aa

      SHA256

      fc7e91e08a723acacb7b104d12091c940a4a8eb0626626cc82b89e076884a577

      SHA512

      3afc98d8cedf034f9258e6fec7a69a0c62ad450681c6f851e611471d2b7a87fe90c677fe099f8f000d4f4b1ac32e44c9b08811775f5b534b903fe66587ccbaae

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\AnalyticsInterface.dll
      Filesize

      994KB

      MD5

      4bff4cc33f8ab15c1ac720b6699865e2

      SHA1

      2696dd32299ef75fec43c4807b56a71c4c277af4

      SHA256

      be31bb68f16d8cc98f46e7257bc49f26ad79c0bb2103e3ceceddd4ca1ac4f590

      SHA512

      07d7b2fcd18da018b81c102495d37eaf1221f8d9829fe483b7523ef0d73e820b038a12f63e37f1a513bc7090cb55fdecddc1adbdbff020c1479967b3df000a87

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\CitrixBrandingHelper.dll
      Filesize

      2.0MB

      MD5

      9492de748b5febc6c13b766842bf0a08

      SHA1

      2766bf3beef833de76998455dc08d5867bfbe57a

      SHA256

      05b74d3260f319b746907a4e57fd0e66b1b9b2082ac802830022c642935b0509

      SHA512

      2c102153694d6118d19ef5db5e11effe0dce5e937e4010cc6ad87578ea68776ae41f45d7f3c771a47ebe0dec30b2bd36c2201b8597b60e4a90ad6d3d7b1fe341

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe
      Filesize

      5.9MB

      MD5

      b1fb983c2fbb56c5954cb32f63b81ebe

      SHA1

      dbea158f714d4a8ee525f9c8a3de0c859f9ea1fe

      SHA256

      d5388d1cec333cb1fe008f4226c341a4209b291b8264fd7f8f6c4196257702a9

      SHA512

      6ceeff10a02262a8367249eca3f1b57b247e10745e9ee2b265f1c119e15dbf4441cfc5941125fbb7833eb7a78da1a60465ab1f5addd4f22659987fb73190a122

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe
      Filesize

      5.9MB

      MD5

      b1fb983c2fbb56c5954cb32f63b81ebe

      SHA1

      dbea158f714d4a8ee525f9c8a3de0c859f9ea1fe

      SHA256

      d5388d1cec333cb1fe008f4226c341a4209b291b8264fd7f8f6c4196257702a9

      SHA512

      6ceeff10a02262a8367249eca3f1b57b247e10745e9ee2b265f1c119e15dbf4441cfc5941125fbb7833eb7a78da1a60465ab1f5addd4f22659987fb73190a122

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe
      Filesize

      5.9MB

      MD5

      b1fb983c2fbb56c5954cb32f63b81ebe

      SHA1

      dbea158f714d4a8ee525f9c8a3de0c859f9ea1fe

      SHA256

      d5388d1cec333cb1fe008f4226c341a4209b291b8264fd7f8f6c4196257702a9

      SHA512

      6ceeff10a02262a8367249eca3f1b57b247e10745e9ee2b265f1c119e15dbf4441cfc5941125fbb7833eb7a78da1a60465ab1f5addd4f22659987fb73190a122

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpress.exe
      Filesize

      5.9MB

      MD5

      b1fb983c2fbb56c5954cb32f63b81ebe

      SHA1

      dbea158f714d4a8ee525f9c8a3de0c859f9ea1fe

      SHA256

      d5388d1cec333cb1fe008f4226c341a4209b291b8264fd7f8f6c4196257702a9

      SHA512

      6ceeff10a02262a8367249eca3f1b57b247e10745e9ee2b265f1c119e15dbf4441cfc5941125fbb7833eb7a78da1a60465ab1f5addd4f22659987fb73190a122

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\TrolleyExpressUI_en.dll
      Filesize

      3.1MB

      MD5

      748674a3f4fb964b774c9df13c10e145

      SHA1

      2e115ca53fabcab37ca12177042e2b89794ee787

      SHA256

      b2a7f96b3c6345b1815e018fdebf122439deda71d715779644fd661a39b370af

      SHA512

      24d4fe341957af2b50de33abbe7c3f2e7fc33ad1507079141f96ae990d35ce74c8640cff274f00e76e839b06ccfaedea30222c44047cd494c2f8f4c7ed46b884

      Download Submit

    • \Users\Admin\AppData\Local\Temp\Ctx-FCD29BBA-6447-4894-AC85-7062F622C9C4\Extract\UtilityCpp.dll
      Filesize

      48KB

      MD5

      6a159a4511565020a725cdb2ed22755c

      SHA1

      3ea8ac65b1787ce006df7f9158646aaaac236459

      SHA256

      0a320d86ccaa9a2f43f8cc7a503eb4121078a84607360c6c4e13e0ce62d805df

      SHA512

      a595b23d879e3bc3cc52379a20182736d02c6bb5568fbd3270ad629d0f2069e2f8068483f550fe8e0ba2727902d563a70ee6cdafccac552bddfd40e852cf3213

      Download Submit

    • memory/392-238-0x0000000002020000-0x00000000020A0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/392-229-0x0000000002020000-0x00000000020A0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/392-252-0x000000001B680000-0x000000001B688000-memory.dmp

      Filesize

      32KB

      Download

    • memory/392-222-0x0000000002020000-0x00000000020A0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/392-221-0x0000000002410000-0x0000000002418000-memory.dmp

      Filesize

      32KB

      Download

    • memory/392-220-0x000000001B060000-0x000000001B342000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/1796-243-0x00000000007A0000-0x0000000000820000-memory.dmp

      Filesize

      512KB

      Download