99842928d56ef4c03fa17ec47538b1527d25d4b4644e157628475426cdb7acde

Analysis

max time kernel
140s
max time network
105s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-04-2023 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_File_Magic_2022.exe
Size

1.2MB
MD5

8f2c8356efa99b8b91b11741f6834602
SHA1

c2a4bb8ef0c785e14e624f0a27045803c9aeb03b
SHA256

99842928d56ef4c03fa17ec47538b1527d25d4b4644e157628475426cdb7acde
SHA512

333bca23e0fe61d2b35bfb383bfaf9aa6582e58b18365c395eeaa90b00482ad13ebf09039e6f9c9dc9e82e13bb4d16991a23a5b477b24f7359403dec808ed421
SSDEEP

24576:eoyyzDBXE5OljBjauSRJZXCi2GpnXZK1PMUOcIa3oz4Yk45cIpBss:tyIdtvBGpn01ucVA4Y7Bss

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

FileMagic-S-1.9.8.19.exeFileMagic-S-1.9.8.19.tmp

pid process

1956 FileMagic-S-1.9.8.19.exe
2028 FileMagic-S-1.9.8.19.tmp

pid	process
1956	FileMagic-S-1.9.8.19.exe
2028	FileMagic-S-1.9.8.19.tmp

Loads dropped DLL 6 IoCs

Processes:

Setup_File_Magic_2022.exeFileMagic-S-1.9.8.19.exeFileMagic-S-1.9.8.19.tmp

pid	process
920	Setup_File_Magic_2022.exe
920	Setup_File_Magic_2022.exe
920	Setup_File_Magic_2022.exe
920	Setup_File_Magic_2022.exe
1956	FileMagic-S-1.9.8.19.exe
2028	FileMagic-S-1.9.8.19.tmp

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files\File Magic\Wps\is-NIR9V.tmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

FileMagic-S-1.9.8.19.tmp

description	ioc	process
File opened for modification	C:\Program Files\File Magic\QlmLicenseLib.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-9HB90.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-KJPLR.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-LOOKN.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-CME5I.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-QE3NI.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-15OT2.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-KG0TI.tmp	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\DevExpress.XtraTreeList.v18.1.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\SolvuSoft.Views.Pdf.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\SolvuSoft.Views.Wps.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-PQ990.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-LAIPG.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-7D4NL.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-2GN3N.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-PEI6V.tmp	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\DevExpress.XtraCharts.v18.1.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-QFHJR.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\editor\is-HFPT7.tmp	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\O2S.Components.PDFView4NET.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-KV6UF.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-D4LA0.tmp	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\DevExpress.XtraEditors.v18.1.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-EHBAO.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-9QQBA.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-DUURG.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-IEPTI.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-QS1NL.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-5J5CA.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\language\html\is-VGGP0.tmp	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\DevExpress.BonusSkins.v18.1.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\SolvuSoft.Views.Xps.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\PaintDotNet.Base.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\DevExpress.DataAccess.v18.1.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\language\typescript\lib\is-HEQKM.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\editor\contrib\quickOpen\browser\is-R9FSP.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-O1L1G.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-A7M33.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-CPA7H.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-37C9M.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-9L866.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-U2KUE.tmp	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\DevExpress.Utils.v18.1.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\DevExpress.Office.v18.1.Core.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\SolvuSoft.Localization.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\7z\7z.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-5UE2O.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\language\json\is-PDCPC.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\language\typescript\src\is-U993R.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-QHOTS.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-9AO8R.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-EVMRA.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\basic-languages\src\is-LRSPG.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-ET3K0.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-KRQ8A.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-7O2VH.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-V2T1G.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-P9H94.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-1C1GB.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\is-IPAUR.tmp	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\Resources\Editor\monaco\min\vs\editor\contrib\suggest\browser\is-IHIGR.tmp	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\ImageView.dll	FileMagic-S-1.9.8.19.tmp
File opened for modification	C:\Program Files\File Magic\Be.Windows.Forms.HexBox.dll	FileMagic-S-1.9.8.19.tmp
File created	C:\Program Files\File Magic\unins000.dat	FileMagic-S-1.9.8.19.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Setup_File_Magic_2022.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	Setup_File_Magic_2022.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

FileMagic-S-1.9.8.19.tmp

pid process

2028 FileMagic-S-1.9.8.19.tmp
2028 FileMagic-S-1.9.8.19.tmp
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

FileMagic-S-1.9.8.19.tmp

pid process

2028 FileMagic-S-1.9.8.19.tmp

pid	process
2028	FileMagic-S-1.9.8.19.tmp
2028	FileMagic-S-1.9.8.19.tmp

pid	process
2028	FileMagic-S-1.9.8.19.tmp

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

Setup_File_Magic_2022.exe

pid	process
920	Setup_File_Magic_2022.exe
920	Setup_File_Magic_2022.exe
920	Setup_File_Magic_2022.exe
920	Setup_File_Magic_2022.exe
920	Setup_File_Magic_2022.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

Setup_File_Magic_2022.exeFileMagic-S-1.9.8.19.exe

description	pid	process	target process
PID 920 wrote to memory of 1956	920	Setup_File_Magic_2022.exe	FileMagic-S-1.9.8.19.exe
PID 920 wrote to memory of 1956	920	Setup_File_Magic_2022.exe	FileMagic-S-1.9.8.19.exe
PID 920 wrote to memory of 1956	920	Setup_File_Magic_2022.exe	FileMagic-S-1.9.8.19.exe
PID 920 wrote to memory of 1956	920	Setup_File_Magic_2022.exe	FileMagic-S-1.9.8.19.exe
PID 920 wrote to memory of 1956	920	Setup_File_Magic_2022.exe	FileMagic-S-1.9.8.19.exe
PID 920 wrote to memory of 1956	920	Setup_File_Magic_2022.exe	FileMagic-S-1.9.8.19.exe
PID 920 wrote to memory of 1956	920	Setup_File_Magic_2022.exe	FileMagic-S-1.9.8.19.exe
PID 1956 wrote to memory of 2028	1956	FileMagic-S-1.9.8.19.exe	FileMagic-S-1.9.8.19.tmp
PID 1956 wrote to memory of 2028	1956	FileMagic-S-1.9.8.19.exe	FileMagic-S-1.9.8.19.tmp
PID 1956 wrote to memory of 2028	1956	FileMagic-S-1.9.8.19.exe	FileMagic-S-1.9.8.19.tmp
PID 1956 wrote to memory of 2028	1956	FileMagic-S-1.9.8.19.exe	FileMagic-S-1.9.8.19.tmp
PID 1956 wrote to memory of 2028	1956	FileMagic-S-1.9.8.19.exe	FileMagic-S-1.9.8.19.tmp
PID 1956 wrote to memory of 2028	1956	FileMagic-S-1.9.8.19.exe	FileMagic-S-1.9.8.19.tmp
PID 1956 wrote to memory of 2028	1956	FileMagic-S-1.9.8.19.exe	FileMagic-S-1.9.8.19.tmp

C:\Users\Admin\AppData\Local\Temp\Setup_File_Magic_2022.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_File_Magic_2022.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:920

C:\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe
"C:\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1956

C:\Users\Admin\AppData\Local\Temp\is-BNKQS.tmp\FileMagic-S-1.9.8.19.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BNKQS.tmp\FileMagic-S-1.9.8.19.tmp" /SL5="$2017E,60285589,131584,C:\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe" /verysilent /norestart /LANG en-us
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\File Magic\Wps\is-NIR9V.tmp

Filesize
133KB

MD5
0ba5a293b5bac50fbd39ce37c3780439

SHA1
7b141b62777c8b0422203d323771032ff355ef5c

SHA256
b995f5b374a261a991da7db7b09c47d8c6945c7c92fe5d74aa947b054a712cb1

SHA512
c684705c7827087d6df7617a232484927c878894918f0e4a8dabf6580a77d49db4dc8a32fa550b69b2531f7372766e75974b279b2f69310a958b76fb7b8e33b4

Download Submit
C:\Program Files\File Magic\unins000.exe

Filesize
1.1MB

MD5
034641d201844aa7f133e69aa72274ac

SHA1
050b02112b1e22cf8a310e5cd3b19afa993473ce

SHA256
f56049e52d6ab4c7d233d9745395c910a042528de0c577a2ed6717bd52cf6db0

SHA512
78066721fec10d68a3f7c45cfe4192c79a838afec319de5300e13b7870c217fba5f568a45a84d4f55e2563cfccd0f70a1174a86b3cdb0a19111aa141853dddf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BNKQS.tmp\FileMagic-S-1.9.8.19.tmp

Filesize
1.1MB

MD5
034641d201844aa7f133e69aa72274ac

SHA1
050b02112b1e22cf8a310e5cd3b19afa993473ce

SHA256
f56049e52d6ab4c7d233d9745395c910a042528de0c577a2ed6717bd52cf6db0

SHA512
78066721fec10d68a3f7c45cfe4192c79a838afec319de5300e13b7870c217fba5f568a45a84d4f55e2563cfccd0f70a1174a86b3cdb0a19111aa141853dddf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BNKQS.tmp\FileMagic-S-1.9.8.19.tmp

Filesize
1.1MB

MD5
034641d201844aa7f133e69aa72274ac

SHA1
050b02112b1e22cf8a310e5cd3b19afa993473ce

SHA256
f56049e52d6ab4c7d233d9745395c910a042528de0c577a2ed6717bd52cf6db0

SHA512
78066721fec10d68a3f7c45cfe4192c79a838afec319de5300e13b7870c217fba5f568a45a84d4f55e2563cfccd0f70a1174a86b3cdb0a19111aa141853dddf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{11B9500D-898B-4B7A-AD23-C16B92C33545}\resources.1.0.0.29s

Filesize
1.6MB

MD5
0e7d6a3a2b0fdaefff1fbf07dfb0e483

SHA1
42b8b39856c52194d2a7e4d7877eec061de22213

SHA256
ef17ed2630826295a6c4092269524f422cebcd1c9af872fb9f270c810ae9923d

SHA512
9f44ff56d19e9892ed941b3579966627750d086fd0c0d5042ef4432d494ab79d5b232ee8c47a60cb5122946e2de03c4d2f07c1d9a779d1e3e26ddd4a47cb4a78

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe

Filesize
58.1MB

MD5
6bba1a3f0115ea3604f87d92e6cb925e

SHA1
e489aef3f3448354ca315dc9840cd58918ce2bea

SHA256
c89b59b5a94afc89b4ee13bccff3bb440ef24662e8420c3f658c939207346d88

SHA512
228be702a4d3c1b6d5a04095b6af1d193d6b61126acb6819571eb90d83d9535a7021ccbea3a61d84dd76e292c3d87cc7fde4da3e4f6a33979a404428772b76e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe

Filesize
58.1MB

MD5
6bba1a3f0115ea3604f87d92e6cb925e

SHA1
e489aef3f3448354ca315dc9840cd58918ce2bea

SHA256
c89b59b5a94afc89b4ee13bccff3bb440ef24662e8420c3f658c939207346d88

SHA512
228be702a4d3c1b6d5a04095b6af1d193d6b61126acb6819571eb90d83d9535a7021ccbea3a61d84dd76e292c3d87cc7fde4da3e4f6a33979a404428772b76e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe

Filesize
58.1MB

MD5
6bba1a3f0115ea3604f87d92e6cb925e

SHA1
e489aef3f3448354ca315dc9840cd58918ce2bea

SHA256
c89b59b5a94afc89b4ee13bccff3bb440ef24662e8420c3f658c939207346d88

SHA512
228be702a4d3c1b6d5a04095b6af1d193d6b61126acb6819571eb90d83d9535a7021ccbea3a61d84dd76e292c3d87cc7fde4da3e4f6a33979a404428772b76e5

Download Submit
\Users\Admin\AppData\Local\Temp\is-91NEJ.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
\Users\Admin\AppData\Local\Temp\is-BNKQS.tmp\FileMagic-S-1.9.8.19.tmp

Filesize
1.1MB

MD5
034641d201844aa7f133e69aa72274ac

SHA1
050b02112b1e22cf8a310e5cd3b19afa993473ce

SHA256
f56049e52d6ab4c7d233d9745395c910a042528de0c577a2ed6717bd52cf6db0

SHA512
78066721fec10d68a3f7c45cfe4192c79a838afec319de5300e13b7870c217fba5f568a45a84d4f55e2563cfccd0f70a1174a86b3cdb0a19111aa141853dddf1

Download Submit
\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe

Filesize
58.1MB

MD5
6bba1a3f0115ea3604f87d92e6cb925e

SHA1
e489aef3f3448354ca315dc9840cd58918ce2bea

SHA256
c89b59b5a94afc89b4ee13bccff3bb440ef24662e8420c3f658c939207346d88

SHA512
228be702a4d3c1b6d5a04095b6af1d193d6b61126acb6819571eb90d83d9535a7021ccbea3a61d84dd76e292c3d87cc7fde4da3e4f6a33979a404428772b76e5

Download Submit
\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe

Filesize
58.1MB

MD5
6bba1a3f0115ea3604f87d92e6cb925e

SHA1
e489aef3f3448354ca315dc9840cd58918ce2bea

SHA256
c89b59b5a94afc89b4ee13bccff3bb440ef24662e8420c3f658c939207346d88

SHA512
228be702a4d3c1b6d5a04095b6af1d193d6b61126acb6819571eb90d83d9535a7021ccbea3a61d84dd76e292c3d87cc7fde4da3e4f6a33979a404428772b76e5

Download Submit
\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe

Filesize
58.1MB

MD5
6bba1a3f0115ea3604f87d92e6cb925e

SHA1
e489aef3f3448354ca315dc9840cd58918ce2bea

SHA256
c89b59b5a94afc89b4ee13bccff3bb440ef24662e8420c3f658c939207346d88

SHA512
228be702a4d3c1b6d5a04095b6af1d193d6b61126acb6819571eb90d83d9535a7021ccbea3a61d84dd76e292c3d87cc7fde4da3e4f6a33979a404428772b76e5

Download Submit
\Users\Admin\AppData\Local\Temp\{A9CD5F3C-B3D8-4C39-B864-2E5F3581A5D1}\FileMagic-S-1.9.8.19.exe

Filesize
58.1MB

MD5
6bba1a3f0115ea3604f87d92e6cb925e

SHA1
e489aef3f3448354ca315dc9840cd58918ce2bea

SHA256
c89b59b5a94afc89b4ee13bccff3bb440ef24662e8420c3f658c939207346d88

SHA512
228be702a4d3c1b6d5a04095b6af1d193d6b61126acb6819571eb90d83d9535a7021ccbea3a61d84dd76e292c3d87cc7fde4da3e4f6a33979a404428772b76e5

Download Submit
memory/1956-90-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1956-77-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2028-96-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2028-212-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2028-355-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download