5961d0a8ebdc116b674d3231b5c8b01b35d3c7a191b0bb8ab5bb7b14352cc065

Resubmissions

24/02/2024, 23:32

240224-3jlc5agg36 10

19/02/2024, 20:03

240219-ys4tlscg37 10

19/02/2024, 20:01

240219-yrrsnacb2z 10

Analysis

max time kernel
51s
max time network
96s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/02/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

License/Driver Booster 11 PRO License.exe
Size

770KB
MD5

27cf0c7d37e5ffbab9b1a163544f3321
SHA1

3ed7493f213a01f7c99a4d11f56cfa7f79f90d0a
SHA256

4f6eba5f100a37005509d15782ca2991de72d027be766ba779f20e956555c29b
SHA512

f9ac54ee39c7192406a51a6e506b420387b2314facc31656b1acd3a69fdcb3060553b42122c5a6f5092083d71c20d4304b1ed067e9b1e481951c1a4798e0fa2d
SSDEEP

12288:HtLqu6mmCXykkkkkkkBgEgEQJrQXSmsw71AfyffvnZYyGPlWHiCXIEwc+4iAxtz+:HtLWjQXDsw+fAXnZWWHLfwcvxzF7di

Score

10^/10

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2148 created 1204	2148	Rosa.pif	14

Executes dropped EXE 2 IoCs

pid	Process
2148	Rosa.pif
2920	Rosa.pif

Loads dropped DLL 2 IoCs

pid	Process
2788	cmd.exe
2148	Rosa.pif

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2148 set thread context of 2920	2148	Rosa.pif	43

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
2776	tasklist.exe
2660	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2352	PING.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2148	Rosa.pif
2148	Rosa.pif
2148	Rosa.pif
2148	Rosa.pif
684	chrome.exe
684	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	2776	tasklist.exe
Token: SeDebugPrivilege	2660	tasklist.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe
Token: SeShutdownPrivilege	684	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2148	Rosa.pif
2148	Rosa.pif
2148	Rosa.pif
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2148	Rosa.pif
2148	Rosa.pif
2148	Rosa.pif
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe
684	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2788	2168	Driver Booster 11 PRO License.exe	29
PID 2168 wrote to memory of 2788	2168	Driver Booster 11 PRO License.exe	29
PID 2168 wrote to memory of 2788	2168	Driver Booster 11 PRO License.exe	29
PID 2168 wrote to memory of 2788	2168	Driver Booster 11 PRO License.exe	29
PID 2788 wrote to memory of 2776	2788	cmd.exe	31
PID 2788 wrote to memory of 2776	2788	cmd.exe	31
PID 2788 wrote to memory of 2776	2788	cmd.exe	31
PID 2788 wrote to memory of 2776	2788	cmd.exe	31
PID 2788 wrote to memory of 2680	2788	cmd.exe	32
PID 2788 wrote to memory of 2680	2788	cmd.exe	32
PID 2788 wrote to memory of 2680	2788	cmd.exe	32
PID 2788 wrote to memory of 2680	2788	cmd.exe	32
PID 2788 wrote to memory of 2660	2788	cmd.exe	34
PID 2788 wrote to memory of 2660	2788	cmd.exe	34
PID 2788 wrote to memory of 2660	2788	cmd.exe	34
PID 2788 wrote to memory of 2660	2788	cmd.exe	34
PID 2788 wrote to memory of 3048	2788	cmd.exe	35
PID 2788 wrote to memory of 3048	2788	cmd.exe	35
PID 2788 wrote to memory of 3048	2788	cmd.exe	35
PID 2788 wrote to memory of 3048	2788	cmd.exe	35
PID 2788 wrote to memory of 2568	2788	cmd.exe	36
PID 2788 wrote to memory of 2568	2788	cmd.exe	36
PID 2788 wrote to memory of 2568	2788	cmd.exe	36
PID 2788 wrote to memory of 2568	2788	cmd.exe	36
PID 2788 wrote to memory of 2588	2788	cmd.exe	37
PID 2788 wrote to memory of 2588	2788	cmd.exe	37
PID 2788 wrote to memory of 2588	2788	cmd.exe	37
PID 2788 wrote to memory of 2588	2788	cmd.exe	37
PID 2788 wrote to memory of 2232	2788	cmd.exe	38
PID 2788 wrote to memory of 2232	2788	cmd.exe	38
PID 2788 wrote to memory of 2232	2788	cmd.exe	38
PID 2788 wrote to memory of 2232	2788	cmd.exe	38
PID 2788 wrote to memory of 2148	2788	cmd.exe	39
PID 2788 wrote to memory of 2148	2788	cmd.exe	39
PID 2788 wrote to memory of 2148	2788	cmd.exe	39
PID 2788 wrote to memory of 2148	2788	cmd.exe	39
PID 2788 wrote to memory of 2352	2788	cmd.exe	40
PID 2788 wrote to memory of 2352	2788	cmd.exe	40
PID 2788 wrote to memory of 2352	2788	cmd.exe	40
PID 2788 wrote to memory of 2352	2788	cmd.exe	40
PID 2148 wrote to memory of 2920	2148	Rosa.pif	43
PID 2148 wrote to memory of 2920	2148	Rosa.pif	43
PID 2148 wrote to memory of 2920	2148	Rosa.pif	43
PID 2148 wrote to memory of 2920	2148	Rosa.pif	43
PID 2148 wrote to memory of 2920	2148	Rosa.pif	43
PID 2148 wrote to memory of 2920	2148	Rosa.pif	43
PID 684 wrote to memory of 2044	684	chrome.exe	49
PID 684 wrote to memory of 2044	684	chrome.exe	49
PID 684 wrote to memory of 2044	684	chrome.exe	49
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50
PID 684 wrote to memory of 2140	684	chrome.exe	50

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204
- C:\Users\Admin\AppData\Local\Temp\License\Driver Booster 11 PRO License.exe
  "C:\Users\Admin\AppData\Local\Temp\License\Driver Booster 11 PRO License.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2168
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k move Assume Assume.bat & Assume.bat & exit
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2776
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
      4⤵
      PID:2680
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2660
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /I "wrsa.exe opssvc.exe"
      4⤵
      PID:3048
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c md 9580
      4⤵
      PID:2568
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c copy /b Fields + Bronze + Pressing + Extending + Administrator 9580\Rosa.pif
      4⤵
      PID:2588
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c copy /b Processing 9580\e
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\9580\Rosa.pif
      9580\Rosa.pif 9580\e
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2148
  - - C:\Windows\SysWOW64\PING.EXE
      ping -n 5 localhost
      4⤵
      Runs ping.exe
      PID:2352
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  PID:524
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\9580\Rosa.pif
  C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\9580\Rosa.pif
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef62b9758,0x7fef62b9768,0x7fef62b9778
    3⤵
    PID:2044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:2
    3⤵
    PID:2140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:8
    3⤵
    PID:2464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:8
    3⤵
    PID:1420
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:1
    3⤵
    PID:2004
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:1
    3⤵
    PID:1772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1028 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:2
    3⤵
    PID:2984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1156 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:1
    3⤵
    PID:2776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:8
    3⤵
    PID:3064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3836 --field-trial-handle=1220,i,2045424439055451837,11707171171644185297,131072 /prefetch:1
    3⤵
    PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
37d14e9e162f7649ad6cf32465f10755

SHA1
ab10b4fd1fd2dbcdace3720614e2823560e227f4

SHA256
5c2acf6cdae4848b5cdfc7fa12aefef2029e2b38cc7cdd1f38aa748d7b112ee6

SHA512
2991443dae6e5c0e2cee8b2ebeec4dd8cd40c6390b3a74e8b6909ca38de853026d2f74e24ad2a524522655f2f858a4f2903d3333707f324b14453a459057a602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0dc4f88e1aa50e620405169d6337482a

SHA1
f26ff60eedc00977eb3910d9a78daf0bc3b4d18f

SHA256
bfce629d1bdb42247bbf23089731591c4a72bc0928669596092bf0e5d08f3a5a

SHA512
11623c05cd4b5b090c04c25e682e5a07a0d41b130cb6172b179cf999119fe9b48c80013cd349605de12552e74e972217b3f030e0b7284e1a346f8d8696aa7ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b9a381828cff72614063274e85c88063

SHA1
3a970282dd37d2c56da9026d72bd1ae06cb58088

SHA256
dcce2ff84c064b1e2c9a4df70319ab8e74c6d9eaee6d5da79f87b579b9515cf4

SHA512
24af18efbd8968735f1187fedc0152959c5739b08988c2f60f329b188ecc4a557e7bf371417473b939a3559f4032e8656cb510e11175dd641a8aa758cda55381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Administrator

Filesize
178KB

MD5
d8f9dd4003de34471d0797f274ebe7bc

SHA1
393aceab75a29520961e52cd0756e8971f02f72a

SHA256
db576bf9cae0e2ec38f1efbcaad5e7941b3456bc7b9ab5d3570d281937ef007c

SHA512
bc34e3ee19055353eab85ef420a8ccbba81bc8ade7f745c7e7ca6fab6ebded5ffbce01bd2fec78bc8db661e89c62f021ff375d547670eb08050ac49e07ea657e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Assume

Filesize
10KB

MD5
8c4c658f59e7e8626cf7f8a382cbe005

SHA1
7ca0681bab8878b032d2f084275a487fea690bcc

SHA256
462506a044d309cde8677030483e35b4ad323f7f93b4f82c667aa0426017bb1a

SHA512
d2077ef00c1f8753d7cd27b56aa2bcd266b046c3fe25eca58265ff0cc0e990234889eafb38cf55c16c98105cbaa785f66c4575b977958a26a0a1919069413f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Bronze

Filesize
115KB

MD5
7dea798d8550a7eb8c0dac613d328119

SHA1
3c2a6577e063b7371c52108393c8637f338c70cc

SHA256
7c418482ec85689387802871cc2bc4a031b68328a60b90122d4e3d84cea306cf

SHA512
7750be47bcdd5225dd73eb7e06c500d50b43fe961424cc6f4c09f78648848e10175b137d032d73fecd7b9cc5e6469889d98ab39735c183c3b05447e7237ca7f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Extending

Filesize
118KB

MD5
f2a6a75f93068cb427350af64f2b98a7

SHA1
e11e41958a8a3b68ff6a8a4bd126b9aff9849d0c

SHA256
28f253d9592bc6badf74dd1dbadda2d65a47e812cb2d75435b25f650cf06a9e5

SHA512
584bdb2eb53eaf86b85eff99c5f8253783421964e9ccc1d9226394b2135d75ef13d8d35369ebf569d5955fab5ba6acb98e6bf68a82a7b51a287470ac3816eefd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Fields

Filesize
293KB

MD5
b38a37e518db3dd0646287e647da2791

SHA1
80ec5fed671f51a07cc6f30a411bf91056e0e4e3

SHA256
f938df0350470599eda1c3359637627f8cc261038eb6d7438b883ce4c0722580

SHA512
5aaacfe5a3a033b9b07601b1ec1be3079d3244a2a42238cd498ff32f165bcb128a2442a84954fa92dfa3ef7bb32fd4f1013e51ff13deb222d97759c09af332db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Pressing

Filesize
220KB

MD5
96b80b99cf941e0851f2d4c6c739563f

SHA1
7cb29861f9e3c81241558eb558f7b6766b9601c2

SHA256
348fcc34733289fb855961990e9c8a7fd0d0b6841fa915b11fea3f354666cbde

SHA512
7d64d6ddfb54beb647f56dc4bcd8f71b8477046c325e5bb35d88149c55a998f69822a6572945e12a4416ea2985d73da7235cc754beddb007c36fbc96a977c35b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Processing

Filesize
401KB

MD5
f8a1fc75b3bb6e1cac4cfaa82e25b698

SHA1
ebd7573bdcbfc9ac51742d198cc3287689417cb2

SHA256
07760b8ddfaa45d173d7565e35147019b204cfa4d9009d90755f33062c8b4741

SHA512
cae5ea4f51058cb6bbb4aa70e50eec87be028a607f824ac80ee13b94dbc67489dad831900c4b45f45b79891aa9ab7b78e92748385547ebe7ac44c92f07c1013b

Download Submit
\Users\Admin\AppData\Local\Temp\7ZipSfx.000\9580\Rosa.pif

Filesize
924KB

MD5
848164d084384c49937f99d5b894253e

SHA1
3055ef803eeec4f175ebf120f94125717ee12444

SHA256
f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3

SHA512
aabe1cf076f48f32542f49a92e4ca9f054b31d5a9949119991b897b9489fe775d8009896408ba49ac43ec431c87c0d385daead9dbbde7ef6309b0c97bbaf852a

Download Submit
memory/2148-30-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/2148-28-0x0000000077920000-0x00000000779F6000-memory.dmp

Filesize
856KB

Download