Overview

overview

10

Static

static

10

f247ae6db5...cb.exe

windows7-x64

10

f247ae6db5...cb.exe

windows10-2004-x64

10

Resubmissions

08-06-2024 15:19

240608-sqmvesch2s 10

06-11-2020 15:33

201106-nz68d98cw2 10

Analysis

  • max time kernel
    153s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-06-2024 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f247ae6db52989c9a598c3c7fbc1ae2db54f5c65be862880e11578b8583731cb.exe

  • Size

    212KB

  • MD5

    723825ad69a5d55a1e5ed3d1ee831f0d

  • SHA1

    7e082df63c3de0f8bf9d38edf72ba5268078275a

  • SHA256

    f247ae6db52989c9a598c3c7fbc1ae2db54f5c65be862880e11578b8583731cb

  • SHA512

    dbd1fd80c8e1224c79ecea419919df3590186c95bfd2f606d6573d759374bc54db8331478207e3b543114431c2ed8eede83b7eca74d4313e7dee16bd527c2c78

  • SSDEEP

    6144:tia1gMH2EXtAup5Qnqn64DQFu/U3buRKlemZ9DnGAe+hsO6a+8:tIMHxGe5Qb4DQFu/U3buRKlemZ9DnGAb

Score
10/10
balaclavazeppelindefense_evasionexecutionimpactpersistenceransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\RECOVERY DATA INFORMATION.TXT

Family

balaclava

Ransom Note
Hello! If you see this message - this means your files are now encrypted and are in a non-working state! Now only we can help you recover. If you are ready to restore the work - send us an email to the address [email protected] In the letter, specify your personal identifier, which you will see below. In the reply letter we will inform you the cost of decrypting your files. Also from your servers files, documents, databases SQL, PDF were uploaded to our cloud storage After we agree, you will receive a decryption program, as well as all your files on our server will be deleted. Otherwise, they will fall into the open access of the Internet! Before payment you can send us 1-2 files for test decryption. We will decrypt the files you requested and send you back. This ensures that we own the key to recover your data. The total file size should be no more than 3 MB, the files should not contain valuable information (databases, backups, large Excel spreadsheets ...). Please be sure that we will find common languge. We will restore all the data. Email to contact us - [email protected] Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. Your personal ID: 304-BAC-7BC

Signatures

  • Balaclava Malware

    Balaclava malware is a ransomware program.

    ransomwarebalaclava
  • Detects Zeppelin payload 17 IoCs
  • Zeppelin Ransomware

    Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.

    ransomwarezeppelin
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (3439) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\f247ae6db52989c9a598c3c7fbc1ae2db54f5c65be862880e11578b8583731cb.exe
    "C:\Users\Admin\AppData\Local\Temp\f247ae6db52989c9a598c3c7fbc1ae2db54f5c65be862880e11578b8583731cb.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3540
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -start
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious use of WriteProcessMemory
      PID:3712
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3308
        • C:\Windows\SysWOW64\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3544
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
        3⤵
          PID:404
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
          3⤵
            PID:3052
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
            3⤵
              PID:1864
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
              3⤵
                PID:3332
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:2300
                • C:\Windows\SysWOW64\Wbem\WMIC.exe
                  wmic shadowcopy delete
                  4⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1760
              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
                "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -agent 0
                3⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                PID:3096
              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
                "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe" -agent 1
                3⤵
                • Executes dropped EXE
                PID:4340
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
              PID:3084
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
              1⤵
                PID:2204

              Network

              MITRE ATT&CK Matrix ATT&CK v13

              Initial Access

              Execution

              Windows Management Instrumentation

              1
              T1047

              Persistence

              Boot or Logon Autostart Execution

              1
              T1547

              Registry Run Keys / Startup Folder

              1
              T1547.001

              Privilege Escalation

              Boot or Logon Autostart Execution

              1
              T1547

              Registry Run Keys / Startup Folder

              1
              T1547.001

              Defense Evasion

              Indicator Removal

              1
              T1070

              File Deletion

              1
              T1070.004

              Modify Registry

              1
              T1112

              Credential Access

              Discovery

              Query Registry

              2
              T1012

              System Information Discovery

              3
              T1082

              Peripheral Device Discovery

              1
              T1120

              Lateral Movement

              Collection

              Exfiltration

              Command and Control

              Web Service

              1
              T1102

              Impact

              Inhibit System Recovery

              1
              T1490

              Resource Development

              Reconnaissance

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\7-Zip\Lang\RECOVERY DATA INFORMATION.TXT
                Filesize

                1KB

                MD5

                2a0527d06f8d54ffff394a617e01cc96

                SHA1

                0cb3978290eefb1564384d37b9e4a0cef69e4521

                SHA256

                f6fe8a339dc94d3f03281f167f9fba13f9586e45faaff8c5762bb706e1fd9718

                SHA512

                e15cc16d44a371461f5b8a28a675b248c93103f31c3e1f1cf50a772b3e5baf83da92e2c114b81c6085154040d02fa86669165a2fe84afaa41ed30115bd078531

                Download Submit
              • C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX
                Filesize

                292KB

                MD5

                6b796ca92b7681dd3f0fef6f23f660d6

                SHA1

                191096b3a61d67607286cd78958a32271dc02ca1

                SHA256

                8f5d4e8fdb88c190364532f991154c802adc6f3dfbef0ba237f81b59de7bf76e

                SHA512

                10846b584a2d1220623e6ced7edcbeea1a158e41059b8e219ff505c56824d532e1c97e5321cabda996fc116066af64736a0733ed4d6e04a350346d9e8bc28250

                Download Submit
              • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msi
                Filesize

                2.4MB

                MD5

                7bd77637d0677c1a3a70b7cd55e6910f

                SHA1

                7a585a2a117090e25ee9c52bb8c3b937c0779422

                SHA256

                c33dcb85107d7b8be09e26f44c7239fe0492e25f922f4d13195c5ed051f1ff1b

                SHA512

                fb9de4ebedc7451db6e1f898e0a53dbc448f77308973b2a88d2ca0220baefe968c8c25f0083b8f523ca51276f80e67411cabea0d969d9ceac78b4e75289d83ae

                Download Submit
              • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe
                Filesize

                62KB

                MD5

                299748178fd5927ea6242752b4803849

                SHA1

                9c0cf5248eb29bddf589c1cacac7c6a56e52010f

                SHA256

                7bbebd2a34047217d2880f9fa86eb14f3f8b686e561cf0d70c0ec1fc479e3107

                SHA512

                2c2c37ea7f65ddbba2cdfcfbb49e92ef8e300ce9aee617d4249a5592ecc36b7e5acef0b22eda6b7ad87340ad4a7e68fb4eb34248195221129527c82176e88919

                Download Submit
              • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe
                Filesize

                1015KB

                MD5

                fa3ac699024df40e076d98739e088ce4

                SHA1

                8d410563ddb51dbeb262b2b47402ed069812e18b

                SHA256

                39ffeeb975683fd755c12e5a37a2d9f96e8072fc892ca5e9b483cd0da315a115

                SHA512

                dc34c8c355dc3e7e65d64e423d0b34ee5f29e95277cc9579ed7b5e4929f276ba9cc9be02a2baef0e8a9b8fe1f7123399fa1d58b81aa5941472e3e488ff9e8b93

                Download Submit
              • C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo
                Filesize

                604KB

                MD5

                4e10dc48fdc5f8cfdd4a1667c5c1628f

                SHA1

                def34f1d4a201da1b9f25b669389e607c27f2276

                SHA256

                a7223b7ef70f11ac4d7e7ea088a4434cbdce094e428ab91451d66e71eca640e8

                SHA512

                1d118107bd5d0cc2e7ff50348ea71335d5cdd0a162a7c487707a8c10589ecd4d39cf890a37e027b20a1393f21215e053ebe4aba9719d1ca5c136622d4a591e93

                Download Submit
              • C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo
                Filesize

                606KB

                MD5

                446a43c2cf880118e116f23e6ab19253

                SHA1

                d50a8029ec2db98403dacc02815a55481c85e3a5

                SHA256

                aabddb92cb8ec58b482a20c7b14ed338daa99b02752dd8105a2409fb1f4d5284

                SHA512

                843c1080c08afd2dad6e99e0068875d3a6ec3cf6761846634db247d226bd5c2448f8b439cb7060d44accbbca5c8440f70a76f7331184d3855fec15094e724f54

                Download Submit
              • C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo
                Filesize

                785KB

                MD5

                aed8719d33f193f3efcbbcd13c0189d9

                SHA1

                a4c99135e7790b41be96c3db69791021a96ea599

                SHA256

                587110551de817acb4ae4bd0872ccaadbca7f75eb7d0a9362d71cc1bf1b1de20

                SHA512

                bd638b2e986cf7e19f7aa152b6631275a61567e21ab584ab00e4bb145063354e4f2a9f82b8b2f5936a46e189b2d041efe820d63c47b25e937108eb98170feed6

                Download Submit
              • C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo
                Filesize

                587KB

                MD5

                e6e434ffb04e959be4325f5bb960cce8

                SHA1

                4ab54cd7ea86988572545ffbab09ea5644c790f6

                SHA256

                9a4be1a95f6d8e65bb937c327c0ccdc5b49c1f9ab409616b94126ee7c3021c01

                SHA512

                73b8446a338a382435e25614cefa7f40beebe792ee3088361389847e8fa1192203bcc25e7de6c12bd54b44444e0bb56917b01365be4ef21b27205df07d5c3b0f

                Download Submit
              • C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo
                Filesize

                527KB

                MD5

                e52ed69b8da54e38c7060ec724f26e8d

                SHA1

                203c54e31cfec3f175803b0c6fb5105036aa830d

                SHA256

                ab752e8c275369b39ef84776d95f92248d783f9c6e2df64a3096e83ffd03aaba

                SHA512

                1f6ad587accbd52b3196b7f93bf8d5b1ea8de57c4d10f381b121c998dae635acdf07466e6fe9276a92c10be46e00d8a8523f9ccf6b2b798001a3f09aa61ae88b

                Download Submit
              • C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo
                Filesize

                621KB

                MD5

                5526fffc7a8aaa7e8e3e039e430876c0

                SHA1

                60fba52c52b294ceee11b32e517ebf07b4bd28b9

                SHA256

                6902555147627541e1ce1b01ee602bcaf61f5ced55b15f13d7b869e77cc2c883

                SHA512

                4a4379dd5738310d1c65489d0a5f0d09831ac55953dbcf5b3d25a8d5c63de57160d14b298637ff579239bf315f4e34b74d398494baef052af8eb05c04207fc75

                Download Submit
              • C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo
                Filesize

                771KB

                MD5

                0735301b1e60778012d798d5043c4e16

                SHA1

                d6d0e0363bab619d3c1bb64fbaeb0d1e4ebcbe6e

                SHA256

                a0dbbdfeee6456295e993621e3cd6e6eabf132e2b5a9370d80a2f1149825a508

                SHA512

                33b9b0939a2b9d4e66c733318f563b6428dd131039b8dab6d2637c2bdd4f392661f4127620c91fae59220fec99377723b5f18bf463b073a9f3c88f37fd2bbd01

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB
                Filesize

                2KB

                MD5

                6bfced3d108f9e5aa027f414cfe238e0

                SHA1

                8a2ed4d19bd317e6ee0e7d25facd84955d1f5eb8

                SHA256

                0b38c2b473c1e02da927633233632da350f216e558cffdcd8da705d6d376ef9a

                SHA512

                0599eebdb98cad52c6087a081449477f38c62cb76fa2bc60797574c329769063dff6f7ccbb8912bfe95467c4fe361a64fba86e0861bc401f36c364ac0ae660c8

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\204C1AA6F6114E6A513754A2AB5760FA_3F2A9DB42365395CA97CFD2FA38D17E4
                Filesize

                5B

                MD5

                5bfa51f3a417b98e7443eca90fc94703

                SHA1

                8c015d80b8a23f780bdd215dc842b0f5551f63bd

                SHA256

                bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

                SHA512

                4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B1230D967FD647CD5194F3FFA6C7E7E4
                Filesize

                144KB

                MD5

                66b6a26fc52329aef1228a78776ad59e

                SHA1

                c31d1841e1f555b1f7b475368e2d515fa7753324

                SHA256

                bb9b8cccfaf1896caf4533e139bf9e8278f3451b20f3244e4a540f45432c8166

                SHA512

                b834697654cedf2a59b2eb1ebd9f5f98c4c42c48359f051d969235e148a5f32b7ecc5073dec72b880328714c5445e7da3053596fb6b8db0cf1118f59f96978be

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
                Filesize

                1KB

                MD5

                4364933eb6dd73008e0616e0cf50c1d1

                SHA1

                d3c132bc1398039890f604587533015045dc3733

                SHA256

                de15c1206295e29c2f646e44c26be75afe8e9ddc121f0a12c5097f2546f2e9ac

                SHA512

                63372c5abfe5066a4365184a1d5af1716b8296ac3630cde403ec0f86e8df59014d3f9facee4fb9c0fe87baa9202466984575f3acf436e00b3ee3830adb78c51f

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB
                Filesize

                484B

                MD5

                81445bde639b2f633179a3111a62b07a

                SHA1

                1d51948e1820f8816c7efeebe6053d45ea893907

                SHA256

                bb4ec653c46621fff105ea7d471b08888e14d261fbc9bc02348b0d7d224e1b51

                SHA512

                51901adcfc0820d40ddd7dd53421550191f0f9f7f05b3ee8163334febbd820b67323ac62e34abe061373a33885b0f4d9b5be4b2677f3be0e3d3411bf7cd01d68

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\204C1AA6F6114E6A513754A2AB5760FA_3F2A9DB42365395CA97CFD2FA38D17E4
                Filesize

                402B

                MD5

                bf4492703279f8fd817155f62154f29f

                SHA1

                28da19a7bd4ed32141a38fb177385841936cdbe7

                SHA256

                2f0ba1c8a71222a8409472698ffdb09097b85e1af40054962f82c6cb0e659cd0

                SHA512

                ef7070d0fe1269eb56e3452b37bbad829b558cd378cd54afa969edace0441f429f569bc0adaab23cca88cf75e80a755572aa9dc347acb7f036dedcd6b6cffc68

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B1230D967FD647CD5194F3FFA6C7E7E4
                Filesize

                292B

                MD5

                413d81ff6f6e36312a79a1ff7a42ad7d

                SHA1

                804a23bfd4b805a58081b58519638d530af37d72

                SHA256

                91ba8d6ef1ed0e395a7a0a40f6f463f36fe495142d0f6d861579a8e249e9e3a4

                SHA512

                fe47f4d39f5d9ce98efab331f8153dc33f32be79db01e18ee66986d34a5af8a8f6aa800bc9504a0557c0ee938c258e5afc901ef048f40754827f3511a28f1689

                Download Submit
              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
                Filesize

                482B

                MD5

                9c6764be0b3fd133ef8fb543d6763b43

                SHA1

                677b92fecc34ff15fa2ea694dae62db9a6b07592

                SHA256

                8bb58a2f6398f09e957c0499a0093cde6a75a5dad61531e06667ff85bac8605d

                SHA512

                868ce3c1ffbb3ae0aa7605f0ea77eb3f9d24d01cc0c4db73e31e00cf213c8d28bcebd07c513e87559fd970283fca97b7409862d4fc6284ecdfa6d228e8c20faf

                Download Submit
              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8ZO46T3J\5ZK22BN6.htm
                Filesize

                18KB

                MD5

                46e7f28a55cdab07533424725a04b9e5

                SHA1

                48a915fe8958b0882f364b1e0ceb37e7b7948319

                SHA256

                e40cc25f9a709e182c284705b0b50b448deb4b1b81b456a633638003db77068b

                SHA512

                717be51be74aa8b36d714f35942d40c8c18bea13a49d293681e16f1b10dfbdf3887a887ca40688348eee38b10ec80c96a17c338378c315c70d4abebfd42e9076

                Download Submit
              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BHC2O5WS\K1ROHDCR.htm
                Filesize

                190B

                MD5

                6ebbeb8c70d5f8ffc3fb501950468594

                SHA1

                c06e60a316e48f5c35d39bcf7ed7e6254957ac9e

                SHA256

                a563426e24d132cd87b70d9cb5cd3d57c2e1428873a3f3eb94649cf42e37b6a1

                SHA512

                75cfab1c9f5a05c892cf3b564aed06d351c6dc40048faea03ae163154ff7635252817d66b72a6ef51c4f895eebf7728f302df51148acce2a0c285502bf13652c

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\~temp001.bat
                Filesize

                404B

                MD5

                78215698f8f9dc7941c9c287642bd02c

                SHA1

                633cd0a6c76f080cdb6e0c98034b0b5dd7283a47

                SHA256

                dc94e21e80522b2cee097064c31a7720d70a02d0c55f290d59030fd0c995cac5

                SHA512

                c0a05f8cc400855c40b8e8eb3e7f027b06553cc592eb2ab6ad0a8c33ed2d196c7eda358977edc3f34ce1fdbff30efe288725eb10ea463e622ee9eb8085e48f7d

                Download Submit
              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\spoolsv.exe
                Filesize

                212KB

                MD5

                723825ad69a5d55a1e5ed3d1ee831f0d

                SHA1

                7e082df63c3de0f8bf9d38edf72ba5268078275a

                SHA256

                f247ae6db52989c9a598c3c7fbc1ae2db54f5c65be862880e11578b8583731cb

                SHA512

                dbd1fd80c8e1224c79ecea419919df3590186c95bfd2f606d6573d759374bc54db8331478207e3b543114431c2ed8eede83b7eca74d4313e7dee16bd527c2c78

                Download Submit
              • C:\vcredist2010_x86.log.html
                Filesize

                83KB

                MD5

                5d60a18d1ab21352470a3d6d0715d67e

                SHA1

                66596edc5a07651a145658dc89052548ceebc576

                SHA256

                65f191ca53cad8135a9af6d0dfb0c7f1243a07a3ee4756f70e7e320b42e55d42

                SHA512

                86763606f7de196cee81d40cf1b7d43896cfaeeb1c2ce989b1abf3d368ef2c30deed9740163d163e7b82a0f75a3d5b9697ced423b62ef599ee338f2db82c1ab9

                Download Submit
              • memory/3096-14227-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-14229-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-13097-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-14235-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-14233-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-5009-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-14231-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-3068-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-7431-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-8919-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-1941-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3096-10665-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3540-28-0x0000000000730000-0x0000000000870000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3712-55-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/3712-51-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download
              • memory/4340-56-0x0000000000800000-0x0000000000940000-memory.dmp
                Filesize

                1.2MB

                Download