38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Size

2.9MB
MD5

64bbfcc477239d6075a2709a480e4268
SHA1

c98c625146c0333a7704f62aff4f7a7f2dab134f
SHA256

38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a
SHA512

a4699aff3d3d0fb53221e213e6c867278f9f8c400bbd533d01e8398590a9d5ab645bf083b195f6d1eb5af4ff482e10d15c714e9936b15ea42f1e1b0657485e25
SSDEEP

49152:j352D+vGaXruDnXGk0wcSjLoQvoJF3306u28JaVW3aUnr+t6BjnEHx5LGLH5f235:j35E+vGaiDnXGtwcmoQvoTn0iv3xErnM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
2720	MsiExec.exe
2688	MsiExec.exe
2688	MsiExec.exe
2688	MsiExec.exe
2688	MsiExec.exe
2688	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\S:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Q:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\W:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\Z:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\R:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\T:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\V:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\X:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\U:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\N:	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
File opened (read-only)	\??\J:	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2444	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2524	msiexec.exe
Token: SeTakeOwnershipPrivilege	2524	msiexec.exe
Token: SeSecurityPrivilege	2524	msiexec.exe
Token: SeCreateTokenPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeAssignPrimaryTokenPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeLockMemoryPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeIncreaseQuotaPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeMachineAccountPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeTcbPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSecurityPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeTakeOwnershipPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeLoadDriverPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSystemProfilePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSystemtimePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeProfSingleProcessPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeIncBasePriorityPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreatePagefilePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreatePermanentPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeBackupPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeRestorePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeShutdownPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeDebugPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeAuditPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSystemEnvironmentPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeChangeNotifyPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeRemoteShutdownPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeUndockPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSyncAgentPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeEnableDelegationPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeManageVolumePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeImpersonatePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreateGlobalPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreateTokenPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeAssignPrimaryTokenPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeLockMemoryPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeIncreaseQuotaPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeMachineAccountPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeTcbPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSecurityPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeTakeOwnershipPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeLoadDriverPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSystemProfilePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSystemtimePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeProfSingleProcessPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeIncBasePriorityPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreatePagefilePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreatePermanentPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeBackupPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeRestorePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeShutdownPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeDebugPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeAuditPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSystemEnvironmentPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeChangeNotifyPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeRemoteShutdownPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeUndockPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeSyncAgentPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeEnableDelegationPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeManageVolumePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeImpersonatePrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreateGlobalPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeCreateTokenPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeAssignPrimaryTokenPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
Token: SeLockMemoryPrivilege	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
2444	msiexec.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2720	2524	msiexec.exe	29
PID 2524 wrote to memory of 2720	2524	msiexec.exe	29
PID 2524 wrote to memory of 2720	2524	msiexec.exe	29
PID 2524 wrote to memory of 2720	2524	msiexec.exe	29
PID 2524 wrote to memory of 2720	2524	msiexec.exe	29
PID 2524 wrote to memory of 2720	2524	msiexec.exe	29
PID 2524 wrote to memory of 2720	2524	msiexec.exe	29
PID 1760 wrote to memory of 2444	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe	30
PID 1760 wrote to memory of 2444	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe	30
PID 1760 wrote to memory of 2444	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe	30
PID 1760 wrote to memory of 2444	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe	30
PID 1760 wrote to memory of 2444	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe	30
PID 1760 wrote to memory of 2444	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe	30
PID 1760 wrote to memory of 2444	1760	38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe	30
PID 2524 wrote to memory of 2688	2524	msiexec.exe	31
PID 2524 wrote to memory of 2688	2524	msiexec.exe	31
PID 2524 wrote to memory of 2688	2524	msiexec.exe	31
PID 2524 wrote to memory of 2688	2524	msiexec.exe	31
PID 2524 wrote to memory of 2688	2524	msiexec.exe	31
PID 2524 wrote to memory of 2688	2524	msiexec.exe	31
PID 2524 wrote to memory of 2688	2524	msiexec.exe	31

C:\Users\Admin\AppData\Local\Temp\38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe
"C:\Users\Admin\AppData\Local\Temp\38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\wTender_Inc\Russificator_ot_WTender 1.6.9\install\0C1D7A2\Russificator_ot_WTender.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\38843fbe092e8f29cd75dd5319f0a1a1c87086eb6a2708b9f9b6bc47d349b03a.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1708432324 "
  2⤵
  - Enumerates connected drives
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:2444

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 86F1D720DF7124BBC27D1CD9FC1727DE C
  2⤵
  - Loads dropped DLL
  PID:2720
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 575303DCF8005131994DDD34A7493C24 C
  2⤵
  - Loads dropped DLL
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MSI80D3.tmp

Filesize
378KB

MD5
0981d5c068a9c33f4e8110f81ffbb92e

SHA1
badb871adf6f24aba6923b9b21b211cea2aeca77

SHA256
b3f5e10fb1b7352a6dbbcbb10ed605a8fda24f3f9c31f954835bd5a41eb6ea68

SHA512
59cccdcde1964e61fa63078fde776eee91c462d7d3db308ada02e27e6ce584c41ad1f7970642e02ce331d805215a2cc868fb0512c01accfa70cda52e9329e1d8

Download Submit
C:\Users\Admin\AppData\Roaming\wTender_Inc\Russificator_ot_WTender 1.6.9\install\0C1D7A2\Russificator_ot_WTender.msi

Filesize
1.3MB

MD5
6467a24f8459236d13ee749e13dbc954

SHA1
4afca6409e413a8c562ab7494c53230844a09ba7

SHA256
ee412f700dd5ebab2b40288baff4c81a5be1b9846c1082e3be8ec8b71647593f

SHA512
83ff90af76e137e931502136d779b4e164a250a027abecce6e9c75e1deed9c55abf4ca15c147152f221aaa6492b6b89db14103e6e0aa30c22d52e653be56be2d

Download Submit
\Users\Admin\AppData\Roaming\wTender_Inc\Russificator_ot_WTender 1.6.9\install\decoder.dll

Filesize
202KB

MD5
2ca6d4ed5dd15fb7934c87e857f5ebfc

SHA1
383a55cc0ab890f41b71ca67e070ac7c903adeb6

SHA256
39412aacdcddc4b2b3cfeb126456edb125ce8cadb131ca5c23c031db4431c5fc

SHA512
ce11aa5bd7b0da4baf07146e8377ff0331c1d4b04aaa4408373b4dd0fe2c3f82c84b179d9a90d26cdaa02180f22276d96cf491f9ede66f5f1da6f43cc72e5ac4

Download Submit
memory/1760-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1760-41-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download