8a5ac882f4a201fc77fbe700681a0f57c549e9eb2e8fde3b99752cd7e02e3c12

Analysis

max time kernel
58s
max time network
64s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
12/07/2024, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cardPresso1.7.70.exe
Size

200.4MB
MD5

e1b8dbb1ab54615451bd1836612ff50b
SHA1

ab62cc507b80fd061c1cea1e7f547ae83dec60a5
SHA256

8a5ac882f4a201fc77fbe700681a0f57c549e9eb2e8fde3b99752cd7e02e3c12
SHA512

ddb5d0cb43d67223d7d4c74076690023bb0a91618d932ed2e9b26ade71188288958996563b3834f2949e67f1d9075c500758d4a4a3ef9346cfaa8a0df186d421
SSDEEP

3145728:ofsCdNUsXcy3aRVnRztKvWBysOne5ph2Dhr9CEJK:ofsHy3+TdBnwRw0K

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2480	cardPresso.exe

Loads dropped DLL 25 IoCs

pid	Process
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe
2480	cardPresso.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	cardPresso1.7.70.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	cardPresso.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	cardPresso.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	cardPresso.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver	cardPresso.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	cardPresso1.7.70.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	cardPresso1.7.70.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	cardPresso1.7.70.exe

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardModel\ = "cardPresso_Model"	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Model\DefaultIcon = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe,0"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Template\shell\open	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardScript\ = "cardPresso_Script"	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.card\ = "cardPresso_Document"	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardBackup\ = "cardPresso_Backup"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Backup	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Backup\shell\open	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Script	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Script\shell\open	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Template\DefaultIcon = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe,0"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Template\shell\open\command	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.card	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Backup\shell\open\command	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Backup\shell	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Model\shell	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Backup\ = "cardPresso Backup"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardModel	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Model	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Model\ = "cardPresso Model"	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Template\ = "cardPresso Template"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardScript	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Script\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe \"%1\""	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Document\DefaultIcon = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe,0"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Document\shell	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Document\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe \"%1\""	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Model\shell\open\command	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardBackup	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Template	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Script\DefaultIcon = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe,0"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Script\shell	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Template\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe \"%1\""	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Script\ = "cardPresso Script"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Document	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Document\ = "cardPresso Document"	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Backup\DefaultIcon = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe,0"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardTemplate	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Model\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe \"%1\""	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\.cardTemplate\ = "cardPresso_Template"	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Template\shell	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Script\shell\open\command	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Document\shell\open\command	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Document\shell\open	cardPresso1.7.70.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Backup\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\cardPresso\\cardPresso.exe \"%1\""	cardPresso1.7.70.exe
Key created	\REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\cardPresso_Model\shell\open	cardPresso1.7.70.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3580	cardPresso1.7.70.exe
2480	cardPresso.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3580	cardPresso1.7.70.exe
2480	cardPresso.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3580	cardPresso1.7.70.exe
3580	cardPresso1.7.70.exe
2480	cardPresso.exe
2480	cardPresso.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 2480	3580	cardPresso1.7.70.exe	83
PID 3580 wrote to memory of 2480	3580	cardPresso1.7.70.exe	83
PID 3580 wrote to memory of 2480	3580	cardPresso1.7.70.exe	83
PID 2480 wrote to memory of 2356	2480	cardPresso.exe	87
PID 2480 wrote to memory of 2356	2480	cardPresso.exe	87

C:\Users\Admin\AppData\Local\Temp\cardPresso1.7.70.exe
"C:\Users\Admin\AppData\Local\Temp\cardPresso1.7.70.exe"
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Users\Admin\AppData\Local\cardPresso\cardPresso.exe
  "C:\Users\Admin\AppData\Local\cardPresso\cardPresso.exe" /FIRSTTIME
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks SCSI registry key(s)
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cardPresso1\C320\C320_zip\resources\C320ColorMatch.dll

Filesize
540KB

MD5
7fabe7834e08415605c6a3e5a3a65dda

SHA1
46b661e0fda041e5ef963e9ac2adf3ba118c2d80

SHA256
cb3d8192e256e6511902e63fce073cb87f2205f3147254e8ab0dfe5f2585ed30

SHA512
b387f7692763e23dccb37b11934223e9bf51c9e9386649b783ace1569e96a4ebf4e00bbbc3da702f726e2b7923a0662df3c5b2edf9c3ec6d073651c32e4c4e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\C320\C320_zip\resources\C320UsbCtrl.dll

Filesize
40KB

MD5
2b2eb9d42e981311efc304f4fcd2f4ac

SHA1
0e903dc0ee4e378661090d812f2412043bba404a

SHA256
5988f3719b8f6088dbb41d944777db23371941240c252c7e74d3afbfa90a0453

SHA512
ce70eb083929b363590474c9079d4f40a40fccc2f9ec740e3b7b70de4394c85e0729c52ff34f3a9695f2e51e49acee0d5a3e191468ec7454dc2fd2f760431f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\C320\C320_zip\resources\C320usb.dll

Filesize
891KB

MD5
3013b4b4a7ff4848a73ca2594338fec6

SHA1
89d4310fdd7436452a473559100a38388fc53288

SHA256
d4dc245373d8db7435cf9a363d97201ee2b69c48b853e61c8575bb5dc65d54f6

SHA512
69cdd341236faed64f8b53a60d2d73fad8b6fe88baf96e42b5f39ec005fed5be9d5676e6f2d71b486fe6965ed7ef42cd7227aea0b3a95a891a7a50ea0bfbd6b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\C320\C320_zip\resources\msvcp100.dll

Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\CrossMatch\CrossMatch_zip\resources\USB4XX.dll

Filesize
332KB

MD5
07b8cd81240d6352a53e04916839ea90

SHA1
e1c733ca401811bd564a10c61688f974dda288a6

SHA256
3ee0f939ac873a2657c31be0e9098835b06a37e209b01888054d46dc3e17c11a

SHA512
c8d2e6a1a3fc66a42a7cb9d69b4924de0be3aa7dbeb0f3c03027d23ff8a35c4934aae1563417d7dcb8d7a493570d739373e4c4f0da993de8b423cdb6627d2ad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\CrossMatch\CrossMatch_zip\resources\intl.dll

Filesize
148KB

MD5
eb2d4c4d4a527bc88a69a16cc99afcf5

SHA1
b326ec4919e1ec9595c064b24853b1e6b71530a3

SHA256
682d4277092472cac940558f9e679b44a6394159e49c9bbda299e33bfc6fdc92

SHA512
009f31cd68a87a40aef4be07af805ab50fac03f4c621144b170d9d3313b1b6a73415f6dd878b048f85afc1b662659a88e4cc89e9a8c76f631f6f1b79d57fd0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\CrossMatch\CrossMatch_zip\resources\libglib-2.0-0.dll

Filesize
1.2MB

MD5
87e289b194a98b66779d6f045386baf6

SHA1
5a66e4ae1d29d32f41ab101849df70f2432b2b15

SHA256
2b2567a2393860951cab5d3566f7d27c2c92a84c970abdeefd94c6a342c29472

SHA512
8ca3e07d81ce5709eab951187755abd3753e121cb3439b959f4ea058ae6f9a78fb45c8f63647e5984a943f8e553f0fd042983eacdcadbdc6c4c8cc2ec3a6a092

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\DigitalPersona\DigitalPersona_zip\resources\DPFPApi.dll

Filesize
349KB

MD5
339af9b4586ba518fe2b523816a4ac6e

SHA1
c90a64cb0c0e12cefd516246fb22b8f31c9bcfe5

SHA256
27cb691d66d43d41655457c52071b35fc7a94cb1750275f0084d37c108deaf40

SHA512
4b32348bd4c9fe2204d1e8b9ed5f9e618992bf3520e9435ae8d84a3d5f1b7e1a85e64da98be2f4723a022e304e3c2f68818b6be1542f9eac883b7348e74307b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\IntegratedBiometrics\IntegratedBiometrics_zip\resources\IBScanUltimate.dll

Filesize
812KB

MD5
57574ad4171c974a7f1b552f38554f45

SHA1
84809fd4197b59e613f850d267bde8234bb89884

SHA256
b78f388ed19834a8d9351ec228dff5fe9308a34ba76bbc5fc4f82eade564095c

SHA512
3e38a2532cca5d85aabc7b67b0e02a1bef5c073ffaee9d01b9024d52f45d0393aec4112ea9316113f8a27cde4e2f69935fd4b0c504c50d97a546fedff7fd6456

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardPresso1\Signotec\Signotec_zip\resources\STPadLib.dll

Filesize
416KB

MD5
ea7314e72e4c7b2f56ac6c186bcbffe0

SHA1
33e9f0033b2e6cdcba7bddd7750e33179b91f906

SHA256
929c5b1d0fe3e93cfb15d0a96a8f946bda671f1673207c80f793bec71c3c29e7

SHA512
9397886abe176be9e7295b6443b10a8ad6205a32d2f6b0ea2139244cefd2b7c02aaa472a71484061b4b1720106195dd9b5a873031d7d0b3a9a0593c845d05d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cardpresso\Zebra\Zebra_zip\resources\ZebraBarcodeSDK.dll

Filesize
58KB

MD5
f2eb887cd28f0b814581cedb0508321a

SHA1
3516c6e12b52e74802c004a53ef847187661b7fe

SHA256
5bb1f6acdca1024ee28d9834ec4880eea60069247f15ad06cf4b2acab42b6af7

SHA512
225a5e30bc0a11db4896a2e2bc72cc17ea3865ddef2d1616de0d0e81b8f1e6b5d6cc7eee85009093c9eb32fa864c4924b83fead330802a368287582ea49239b7

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf

Filesize
74B

MD5
8833b568b96fd932e0bcd3df15565149

SHA1
f164d9c80ec8439cac3f259e05919cd059087f37

SHA256
48a6c5666a145e4f147a65cb09abcba6b3d2b610e1ec3dbc21d88af14bbd23cf

SHA512
f3d16150f67fbbf72210f56157f462e4cd92e0fe8353fa187dac515d23925dc6a0b541a845fb3d04019e2f1f53ddcd2390768583e48ce9ec18db8215c8e74c0c

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf

Filesize
1KB

MD5
1f2d74ea1681a014f9bca4e539803377

SHA1
d94bc24f66a7bea245fdb388f49ac9ce09d6b044

SHA256
1d136df1981dc245282bcdcbaadf1fe9fb44115585d755e95cd1e534aa97dd0e

SHA512
4a7195a4482b68e7a72ecdc6e9710271c22ef10651743a6a67242be8a22dc8c8b7c45d6e99c8e1bfe92560d37f9b1a7ab23cc05baeecc96c95c75768e4825acc

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf

Filesize
1KB

MD5
3d8c1a18ccbeb32c3a0e89722ccb9f70

SHA1
5dab3f033e10cec53d83f2cb6a86fb4d2f17d21b

SHA256
2e9afd3919626f4b34e2fefd9db42a38dfc44a8fc04c56d813cb3f98d5ae076f

SHA512
65316133ed5082294bd8b447d02eaede3283d52bec5d13f23ef1d66aff5ab1c9220d3d64560f6d214ddc2d05a34633352301a7965e6f801ff289ebafc6637c7a

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf

Filesize
1KB

MD5
c78b84b12d39c5e44f2997f5f57e0da8

SHA1
1cbe27d11d1a7f5ca593ec4f2d49c459b8216284

SHA256
60b5d6ed1f0addd597f6f213fccd708fc3a2d8beb52cd1de7ed8bbfbb5d0e23a

SHA512
1c9fc9829a904342cb8da436538439a2d14d3cda2b99fbc8ff05e6dc891c15745891fce2e58615f251e83e8f17b1a498f086113cf562e2fd3c065684feb69ec0

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf

Filesize
1KB

MD5
e9d06c6cc0f3be23b7f4fe0f26892d39

SHA1
ee697e84f2e703362a0e0af53ff0c7aeb4c5ffb5

SHA256
e42cba184e2d1d6d921c0b211e3b16bd525867a73f5df46d3848eaa1c2a7936f

SHA512
14a884ddca39292f904d06732f20006ea2277d1294fb2486cd36ef86e14a927931c5114388efdcd5b823719dd70ea71954d1af174f384d43419a20a4b7c4778b

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf

Filesize
1KB

MD5
73e36cf7b554aac39cd35891bbce0010

SHA1
1e4cd792272ace3799d68e7e986c967d9d655a84

SHA256
d984f5654cd76989b0e9eb43334dc8ae481124cf1159d0b0f208f118db7f5589

SHA512
e09f898ec93bb4a3488f04e9d0db7557b465230153dcb622ad7763ba14db6386e134055f2031d4be063ecd1cf885e685478af23e065b44f7ec7c052e3c801a43

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf.lock

Filesize
69B

MD5
6c01305e6303cc0f76bc71fd13ba9c42

SHA1
32f3084c5a616ed8744340aba735b247abab6045

SHA256
e81247d29b9a2d9edd24424fcf26641ebea2fda9066b968e1224d2918a9c828e

SHA512
c4739de373965b471637cf8cdf1e0cfb482cb63a3e62bf57229c3ce2a63104440056233c638e5b2aedc6d2565ce46c682618bc2f63f32d9966a882780981f54e

Download Submit
C:\Users\Admin\AppData\Local\cardPresso\cardPresso.conf.lock

Filesize
63B

MD5
f65b447cdea23636d46fdcd9410f067e

SHA1
53b4637371d32092e335c9fdd22cd1a2bb5c3361

SHA256
433eee60aacdbdf66e5f3512152a681446cfbeee10b61bbfe44e51de187230fb

SHA512
2d1ecc816344dc7cd3580ef98d1d9548e31ff479197ca553e5a27b7dc6d3f510db24ef731ef2450aa8071d335f2c12347f2a101c675a1701abb4274ff8cd3ece

Download Submit
memory/2480-158-0x0000000010610000-0x000000001068A000-memory.dmp

Filesize
488KB

Download
memory/2480-221-0x00000000685C0000-0x00000000686C6000-memory.dmp

Filesize
1.0MB

Download
memory/2480-174-0x00000000160A0000-0x00000000160F8000-memory.dmp

Filesize
352KB

Download
memory/2480-222-0x000000006A300000-0x000000006A323000-memory.dmp

Filesize
140KB

Download
memory/3580-25-0x0000000015A10000-0x0000000015A68000-memory.dmp

Filesize
352KB

Download
memory/3580-219-0x00000000685C0000-0x00000000686C6000-memory.dmp

Filesize
1.0MB

Download
memory/3580-220-0x000000006A300000-0x000000006A323000-memory.dmp

Filesize
140KB

Download
memory/3580-77-0x000000006A300000-0x000000006A323000-memory.dmp

Filesize
140KB

Download
memory/3580-76-0x00000000685C0000-0x00000000686C6000-memory.dmp

Filesize
1.0MB

Download