1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

max time kernel
429s
max time network
362s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
Size

2.2MB
MD5

f5f2f6c370db4b38bdf8032ea3ef2a64
SHA1

b5e188540539bc2b1d128f408160fa91e724c84b
SHA256

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4
SHA512

f2216faac5d07fb2d6f3faf6cf1e18e94c0ada8aba35a8d2d8491efd1ada526d5358a592b6877a9783cc9b5e81dd54fec8b9969ffd650c0f8aff2e3243dbe18c
SSDEEP

49152:UtAZanCoV4BdnctNbS/iXmYjlV8O7pzTs8OYFFxZbVybdXERd:9x6Mdn0p7pzTsQR

Score

8^/10

spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 35 IoCs

description	ioc	Process
File opened for modification	\??\c:\Windows\System32\drivers\etc\services	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\UMDF\de-DE\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\UMDF\en-US\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\es-ES\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\fr-FR\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\UMDF\de-DE\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\UMDF\it-IT\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\de-DE\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\drivers\etc\hosts	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\it-IT\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\UMDF\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\UMDF\es-ES\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\UMDF\ja-JP\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\drivers\etc\networks	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\ja-JP\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\UMDF\es-ES\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\UMDF\fr-FR\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\UMDF\en-US\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\de-DE\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\ja-JP\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\etc\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\UMDF\it-IT\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\UMDF\ja-JP\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\drivers\gmreadme.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\it-IT\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\UMDF\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\UMDF\fr-FR\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\en-US\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\es-ES\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\drivers\fr-FR\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\drivers\gmreadme.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\drivers\en-US\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\drivers\etc\protocol	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	\??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Windows\System32\tcpbidi.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\de-DE\Licenses\_Default\StarterN\license.rtf	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\Amd64\EP0SBT00.XML	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpc4300t.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\InstallShield\setupdir\0003\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\es-ES\Licenses\_Default\ProfessionalN\license.rtf	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\migwiz\PostMigRes\Web\base_images\WindowsPhotoGallery.bmp	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_neutral_e91a5dc0655e200a\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnin003.inf_amd64_neutral_3a3c6293d0cda862\Amd64\IF22556.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\prnlx003.inf_amd64_neutral_d1510a8315a2ea0d\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnsv002.inf_amd64_neutral_6ca80563d6148ee5\Amd64\SVC1506.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\en-US\Licenses\OEM\StarterN\license.rtf	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\wbem\AutoRecover\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_Automatic_Variables.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\prnlx006.inf_amd64_neutral_cc725426972d1293\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\es-ES\Licenses\eval\HomePremiumN\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\Setup\en-US\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnky007.inf_amd64_neutral_e637699044f367f3\Amd64\KYFS5020.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_neutral_1c5bc8e71eb90127\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\migration\WSMT\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\Setup\fr-FR\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\about_prompts.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpd4100t.gpd	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\it-IT\Licenses\eval\Professional\license.rtf	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\ja-JP\Licenses\_Default\Professional\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\migwiz\en-US\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_PSSnapins.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\System.Management.Automation.dll-Help.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\zh-CN\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\it-IT\Licenses\_Default\EnterpriseN\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\WindowsPowerShell\v1.0\de-DE\about_WS-Management_Cmdlets.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\WindowsPowerShell\v1.0\es-ES\about_WS-Management_Cmdlets.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\about_wildcards.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\WindowsPowerShell\v1.0\de-DE\Microsoft.PowerShell.Commands.Management.dll-Help.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\config\RegBack\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\en-US\Licenses\_Default\Starter\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnhp003.inf_amd64_neutral_4480210763997eb4\Amd64\hpj3500t.gpd	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_neutral_413d17c790177eef\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\Amd64\EP0LVPA8.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\nl-NL\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_neutral_14cb440c800fe9fe\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnep00b.inf_amd64_neutral_2e6b718b2b177506\Amd64\EP0NGJ7J.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\WindowsPowerShell\v1.0\it-IT\about_jobs.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\es-ES\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\ramdisk.inf_amd64_neutral_798b5d4dd3f22a07\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\fr-FR\Licenses\OEM\StarterE\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\brmfcsto.inf_amd64_neutral_2d7208355536945e\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_neutral_4616c3de1949be6d\Amd64\MSXPSINC.PPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\en-US\Licenses\OEM\EnterpriseN\license.rtf	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\es-ES\Licenses\OEM\HomePremium\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_neutral_ecf5cff2236b273a\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_neutral_2bfa4ea57bd5d74a\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\about_Comment_Based_Help.help.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\ias\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\fr-FR\Licenses\OEM\HomeBasicN\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnkm003.inf_amd64_neutral_48652cda3bb15180\Amd64\koc353X.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\LogFiles\Fax\Outgoing\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\SysWOW64\ja-JP\Licenses\_Default\ProfessionalE\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\System32\DriverStore\FileRepository\prnbr005.inf_amd64_neutral_9e4cc05e0d4bcb33\Amd64\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnbr006.inf_amd64_neutral_f156853def526447\Amd64\BRH538DN.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\oobe\it-IT\vofflps.rtf	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnle004.inf_amd64_neutral_beb9bf23b7202bff\Amd64\LN4171E3.PPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\System32\DriverStore\FileRepository\prnok302.inf_amd64_ja-jp_708c81a8b0ad8846\Amd64\OK1032_1.PPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Australia\Adelaide	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\MEDIA\LASER.WAV	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files\VideoLAN\VLC\plugins\stream_out\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Etc\GMT+7	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14582_.GIF	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\gadget.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\Microsoft.Office.InfoPath.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02291U.BMP	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR31F.GIF	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\SIGN.XML	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\NOTICE	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ug\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\PREVIEW.GIF	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\PREVIEW.GIF	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178932.JPG	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BANNER.XML	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files\Windows Journal\Templates\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0148757.JPG	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL104.XML	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\THMBNAIL.PNG	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN107.XML	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\te\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files\Windows Portable Devices\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Oriel.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\is.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\EURO\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_zh-tw_21f3781ebd2249c7\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\Peacock.jpg	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\Windows Error.wav	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-d..ocker-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8ed8b37006b00933\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-n..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_es-es_71a96a69df01133a\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-s..es-common.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c0c8cb9b8930ebfd\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_ar-sa_7bcff8687ea72b03\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_prnhp002.inf_31bf3856ad364e35_6.1.7600.16385_none_2f4e6f72537f8faa\Amd64\HPO3200T.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bd4e42dea9453103\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-e..rding-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_27f4507e6ef6c2dd\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-l..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_79e5243a4420267c\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-c..r-name-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1522a221b71a5bb9\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_ts_wpdmtp.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d1b83df1258c379c\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Vb0a86591#\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\Media\Windows Ringout.wav	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5b0078129ae2bf07\404-11.htm	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\PLA\Rules\de-DE\Rules.System.Configuration.xml	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-t..cognition.es-ar.ale_31bf3856ad364e35_6.1.7600.16385_es-ar_81ae303cc19d17f7\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-devinst-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4f2f4bb02bad4db1\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-winsock-legacy_31bf3856ad364e35_6.1.7600.16385_none_3f5a28502b37c577\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_prnin003.inf_31bf3856ad364e35_6.1.7600.16385_none_11a5503ce5abb7ec\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_29b7ce69634b90ae\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_it-it_ecf6913dd55d9022\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\assembly\GAC_MSIL\System.Speech.resources\3.0.0.0_it_31bf3856ad364e35\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\0261a298f938ba71a7aab6f91dad326d\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\a53a2767e448aef90b345af1339d4c9a\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\Media\Delta\Windows Print complete.wav	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.xsd	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-s..solitaire.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0ff80c3f3c8c2d68\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_prnnr004.inf_31bf3856ad364e35_6.1.7600.16385_none_ba2d2131f8a32d84\Amd64\NR1371E3.PPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_hpsamd.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8e23b0fef6b01647\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-ehome-ehdebug_31bf3856ad364e35_6.1.7600.16385_none_8bd2a8c89bf31042\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_lt-lt_305b92be267e25cf\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_monitor.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_01ecd84a8442d173\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_sbp2.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0f92ac6d4f4b9b71\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.StackTrace\v4.0_4.0.0.0__b03f5f7f11d50a3a\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_ks.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_792000264b759049\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\settings.html	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-help-secpriv.resources_31bf3856ad364e35_6.1.7600.16385_it-it_d97e8b3e5a4f18fd\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-u..dem-voice.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ec70662fc15a0fe8\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_prngt003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4e7c585ff6bf2b39\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_prnhp005.inf_31bf3856ad364e35_6.1.7600.16385_none_30e9a6119eda44e5\Amd64\hpc4600t.gpd	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\Media\Windows Hardware Remove.wav	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-setup-events.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_fd3fe6d681ac1c99\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_server-help-chm.iismmc.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8110c917539b8af0\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-s..ion-agent.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_dbf410c67f37f9c0\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_prnbr002.inf_31bf3856ad364e35_6.1.7600.16385_none_49c93aa2c4304e9e\Amd64\BRF2580C.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-help-movie.resources_31bf3856ad364e35_6.1.7600.16385_es-es_80a9260803385e6d\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-s..estore-propertypage_31bf3856ad364e35_6.1.7601.17514_none_e907844a97552799\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_microsoft-windows-usertiles_31bf3856ad364e35_6.1.7600.16385_none_f385bacaa98d1e8b\usertile29.bmp	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_a3c349b4bdac0898\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_6c99918b70a0dfca\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6676e06742a646be\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_iirsp.inf.resources_31bf3856ad364e35_6.1.7600.16385_it-it_2f03986c15a2abe0\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-n..ction-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_221286bd2e58ee75\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_prnep00d.inf_31bf3856ad364e35_6.1.7600.16385_none_ae3f8d47fad9c2a7\Amd64\EP0NGN8H.GPD	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\5d7e85e3ad81826e2e1d7131284c63fe\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.1.7600.16385_none_7582a4a93f08b488\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-h..-medexptv.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_108e136bd8ccaa8d\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File created	\??\c:\Windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\Dont_Worry.txt	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
File opened for modification	\??\c:\Windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-desk.png	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3048	1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

C:\Users\Admin\AppData\Local\Temp\1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
"C:\Users\Admin\AppData\Local\Temp\1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\Dont_Worry.txt

Filesize
738B

MD5
7854423ffc1ddebaf6d2aa0319df9da6

SHA1
102f885e12ab54c45788d080dfbfc259719c8897

SHA256
d00e18a6aabc9c410cf6ed54974e57d13a29d30cf561e21f3f2d6155fbc2a07d

SHA512
0d7b9473e003df7184d88c57c1f2a82c7afce00c560c8b8bf3d111551e89a0b651ec1fbccad8d6aa7042bcf23ba96a804cbc3b5b73466ea8b74bc18f2cc8345d

Download Submit
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

Filesize
248KB

MD5
fbd8de26be32c2bfc425e6d404a7349a

SHA1
4a944eab93d2513b91691f80c79186820d0668e4

SHA256
d4b9b40e832509986474e3f547d91b262c745e3f919c47c6d7a38c54e7331aa8

SHA512
0e845292d0dac0ba89cedcd2a433f54267298cb3fa2bce4e105b7bcad512feaffb1f590f469967b5abce11ae89be1633734f797f85441c256b52557ca8ab8606

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
13KB

MD5
e79579e6b16c40200c3276ba4da785ff

SHA1
44175d998f514f4792beba6272f9a388167c2345

SHA256
69f41601201a3bfcef79f9848ec5f40992285f97e5d7eb6dd3f904bc1dfd07cc

SHA512
0065d956b568e51c90807fa64cb743d798d63b38432d33c938a215f35ea4728aae84de9dde1035d72a604846f2fcf572874779723bfc7a9e8a3c98250ba6ea9b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
10KB

MD5
c6ab79a441d4c0a715e60cfbe15b5058

SHA1
21db02c84aeb655b3232a87aaab321c5b30ee171

SHA256
dedd3e0219e127d3f5228a1173864421f73d179b2b170a98f025275abf44fe94

SHA512
4984bc9c385d4fa8d50c4d72b65acf1544f4e184a7e1babf7e19b73877f807865c64907d11da3c72f12394d26179dd06d6c9e0679ef1ba7fe01dfec72020860f

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
12KB

MD5
eba918cbb25a45f7133c49301e33e04e

SHA1
87bd3502b4e0a35c63e7f981440e62af3dda3acc

SHA256
cab4aca8a062ee205bd3d5bd0ee3c8b0794bb6b532c99afe7f277f9c42a78eda

SHA512
36e94830cc6558607673bbd6f8053ec61f32cbd9da2bf6ee91606c03e1b53f4da24223498b88d05209fbc6b7e3b856b4829e5ef009a530a6396620ac7f1120cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
9KB

MD5
267e60e46223eecc3952223803be9e29

SHA1
643f71bdf3b0085d394cac8e505adc998b4e870d

SHA256
f86e54c95e1021b1d942a9bcbc3ada5447d605aa9f001b12ed3e54b9b23b20d2

SHA512
bb71acce28d32ae07fc15c980420e4f0fd88af778cc6c828439da282312578caa0d0c8c4f6471983f273d6ce4f48a39fd13213f5648e26ecd5485b5729e8e2ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
9KB

MD5
218b2a6379c46952edf076af1526c2bd

SHA1
d39820a99c16e5917428595e9c795f13473389e1

SHA256
43ef55935f4c4cc99b61ea3217edc3425f70850fe3a7f60e1eb389888e450b4f

SHA512
a2a6a8bfa5ef632f79ed42957df2d4db4111b621399f1a8320d1c97cf0744512b07ce8d01c1c0725666dd007eb4dd337ce740406497e4c9f588842d281090d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
265KB

MD5
53d3f6005f1b2e50d88ec3dc286e6088

SHA1
7e7b1125b03624edf7be5623b197ef2b12a57d8c

SHA256
43f356fb8e83a6aa4579d7c1af8efad6078ca93575236fa6c07db18d6806410c

SHA512
aca5269bf5e773629b73725793506ee4d636cbe753f537e2ab2054d1821a77892d4ea9cfeb1391558ecc3d3414e71e14be76bb749b4b8bdf34a95d5111948e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
9KB

MD5
1dcaaef27532e02eadf6994f7b26b85b

SHA1
6f9897b981ce115c6bfb69d0c50d3b8d8933ebf6

SHA256
5464e4fc30fbaea6871253faef2bd92d88a711a21cd9b517d43f1ca9da24a5bb

SHA512
368e6020486becda31114bcecc1103d2afacbb04fc86f93cd9dd2baaf2c06eabd7a65efe0d1b457b65af86031c11582d5c984dcf841df9e82d012a45cf94be1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs

Filesize
2.0MB

MD5
c8ebbd472ec0ffffd28205464666e88d

SHA1
496c7a4678148b6b743ee48f5edf6729e6e45cf2

SHA256
66709ef57b7f565158720f06156af858cfb9ccad3b801562d5c8d9841b20606e

SHA512
526eee07d9139cfec260902150ddea65c47ed839c73f8f2066c45b17766e371404e5519cfa2cac26a96e86755d55a981115d0d4d0fffaeaf88a50bdcd2e627c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

Filesize
49KB

MD5
f7113b2f43a04edbfb169a3d2e7f17dd

SHA1
e154ef21819b700428da8bf7f6d69074b0b623ae

SHA256
679ac97e11c34bc685f1aa707452868b21c658e86b00140ed89bbac153f853d7

SHA512
547ec057b9a1aef2690fc5ccd626a1a98d22ef0bb022eea58f2605996e2d495cd6c48843d1706550df0e9cf461e4075c0f0aca3a5f3299f14372fba83efa0467

Download Submit
C:\Windows\Microsoft.NET\Framework64\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
14KB

MD5
c4dbbf60c0006800cc0c3aeba032f481

SHA1
01dca82226ccf0fe40e408933326d86a7a7c00b7

SHA256
25d0311e2ec8ce1fa6775d15cce3910a35a02c5b8a6233dfe26ea84ec5a93b49

SHA512
f206b851a584504e201d4bb4792cc88d0fa37db40465df276c5d7fd3944a5d2c304a78ba81077882d57b64161ae63272c0b879c28872534665a93412f1e5cb2b

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
14KB

MD5
25e50f2c3570bfd8ba079a049238a414

SHA1
b596ddff27de134e198dac00b4f470bc0911aec9

SHA256
4e679416c02bceaf9456b7ca42cba708d550a94022173824a471e582822db56c

SHA512
196df5b41405e93839f693369cce857c759348f1a7033589e1c6f3102fe922ccdc7a1b1174b3e355d262a76772afb9fa0ba7d6580c6dadc348edde97e28567ab

Download Submit
memory/3048-6016-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-15371-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-9525-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-4414-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-11134-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-13668-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-2644-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-536-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-14923-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-7834-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-15489-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-15520-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-15903-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-16085-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-16405-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-16414-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download
memory/3048-16421-0x0000000000400000-0x000000000064A000-memory.dmp

Filesize
2.3MB

Download