floxif | 68f37e5e4fa62f7b37e2c0d3397a8eaf010b1bf99dc955166c067cf0efebd7a5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/01/2025, 08:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
Size

26.9MB
MD5

8d7d56e290266a313874b9f9efca4573
SHA1

4bf0343454ed6b091cd125a1054eed8e542eab79
SHA256

68f37e5e4fa62f7b37e2c0d3397a8eaf010b1bf99dc955166c067cf0efebd7a5
SHA512

e43956e5fcb4c4b317dbe4b260f8691682358c0b5c3dd2903549e19dd54f3413b7bcb3e44a9b6d92425d769f78f8d496c7a425914a5275aba4a93a6c1df34838
SSDEEP

786432:JR+SCntaUfOGhTwRoZJOH+vm2vgYCiY5SIiRf:JR+LnNOG5Jn6YCi79f

Score

10^/10

floxif backdoor discovery trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x000c00000001226b-1.dat	floxif

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000c00000001226b-1.dat	acprotect

Executes dropped EXE 3 IoCs

pid	Process
2504	InstallationPathWriter.exe
2500	SWMAgent.exe
780	sAgentSetup.exe

Loads dropped DLL 31 IoCs

pid	Process
2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
2528	MsiExec.exe
2528	MsiExec.exe
2724	MsiExec.exe
2724	MsiExec.exe
2840	MsiExec.exe
2840	MsiExec.exe
2840	MsiExec.exe
2840	MsiExec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2780	msiexec.exe
2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe

Blocklisted process makes network request 6 IoCs

flow	pid	Process
5	2780	msiexec.exe
7	2780	msiexec.exe
9	2780	msiexec.exe
11	2780	msiexec.exe
13	2780	msiexec.exe
17	2112	msiexec.exe

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\e:	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c00000001226b-1.dat	upx
behavioral1/memory/2900-3-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2900-139-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2900-138-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2900-360-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_ENG.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_DUT.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SWE.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\License.txt	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_UZB.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_ARA.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SCC.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_RUS.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_HEB.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_BUL.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_VIE.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_CHS.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_GER.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_FIN.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_KAZ.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_AZE.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_JPN.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_BRA.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_UKR.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SCC.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_RUS.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_CHT-HK.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_BUL.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_HIN.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\SWM_ChangeShortcutToChinese.exe	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SLO.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_GRE.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_POR.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_CZE.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SWE.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\SWMSetupCustomAction.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_TUR.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\SetupLogCollector.exe	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\sManager.ico	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\SecSWMgrGuide.exe	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SCR.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\SetupLogCollector.exe	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_GER.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_KAZ.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_FAR.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SLV.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_FRE.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_HUN.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_JPN.chm	msiexec.exe
File created	C:\Program Files\Common Files\System\symsrv.dll	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SPA-MX.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_RUM.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_UKR.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_HUN.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_DAN.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_HIN.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\SWM_ChangeShortcutToChinese.exe	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_TUR.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_DAN.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_IND.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\InstallationPathWriter.exe	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_FAR.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_ENG.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_ITA.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_THA.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_UZB.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_IND.chm	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\InstallationPathWriter.exe	msiexec.exe
File created	C:\Program Files (x86)\Samsung\SW Update\SecSWMgrGuide.exe	msiexec.exe

Drops file in Windows directory 16 IoCs

description	ioc	Process
File created	C:\Windows\Installer\f76c16c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC929.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIC6E6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\{0119B3FC-1945-40CB-B800-4650D842B5A8}\_853F67D554F05449430E7E.exe	msiexec.exe
File created	C:\Windows\Installer\{0119B3FC-1945-40CB-B800-4650D842B5A8}\_CB86965994743466168D23.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{0119B3FC-1945-40CB-B800-4650D842B5A8}\_CB86965994743466168D23.exe	msiexec.exe
File created	C:\Windows\Installer\f76c16b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c16b.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f76c16e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c16c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC84E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{0119B3FC-1945-40CB-B800-4650D842B5A8}\_853F67D554F05449430E7E.exe	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sAgentSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SWMAgent.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Kills process with taskkill 6 IoCs

evasion

pid	Process
2560	taskkill.exe
1684	taskkill.exe
1364	taskkill.exe
1152	taskkill.exe
1428	taskkill.exe
900	taskkill.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\CF3B91105491BC048B0064058D245B8A	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\ProductName = "Samsung Update"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BF3805105D8948C4D93B598B404C92A9\CF3B91105491BC048B0064058D245B8A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\SourceList\Net\1 = "C:\\ProgramData\\Samsung\\SWUpdate\\Setup\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\CF3B91105491BC048B0064058D245B8A\DefaultFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\PackageCode = "ECED27BB0246EE14EB277654BB565B9A"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\Version = "33685566"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\ProductIcon = "C:\\Windows\\Installer\\{0119B3FC-1945-40CB-B800-4650D842B5A8}\\_853F67D554F05449430E7E.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Samsung\\SWUpdate\\Setup\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BF3805105D8948C4D93B598B404C92A9	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\CF3B91105491BC048B0064058D245B8A\SourceList\PackageName = "sManagerSetup.msi"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
2112	msiexec.exe
2112	msiexec.exe
2840	MsiExec.exe
2840	MsiExec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
Token: SeDebugPrivilege	1684	taskkill.exe
Token: SeDebugPrivilege	2560	taskkill.exe
Token: SeShutdownPrivilege	2780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2780	msiexec.exe
Token: SeRestorePrivilege	2112	msiexec.exe
Token: SeTakeOwnershipPrivilege	2112	msiexec.exe
Token: SeSecurityPrivilege	2112	msiexec.exe
Token: SeCreateTokenPrivilege	2780	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2780	msiexec.exe
Token: SeLockMemoryPrivilege	2780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2780	msiexec.exe
Token: SeMachineAccountPrivilege	2780	msiexec.exe
Token: SeTcbPrivilege	2780	msiexec.exe
Token: SeSecurityPrivilege	2780	msiexec.exe
Token: SeTakeOwnershipPrivilege	2780	msiexec.exe
Token: SeLoadDriverPrivilege	2780	msiexec.exe
Token: SeSystemProfilePrivilege	2780	msiexec.exe
Token: SeSystemtimePrivilege	2780	msiexec.exe
Token: SeProfSingleProcessPrivilege	2780	msiexec.exe
Token: SeIncBasePriorityPrivilege	2780	msiexec.exe
Token: SeCreatePagefilePrivilege	2780	msiexec.exe
Token: SeCreatePermanentPrivilege	2780	msiexec.exe
Token: SeBackupPrivilege	2780	msiexec.exe
Token: SeRestorePrivilege	2780	msiexec.exe
Token: SeShutdownPrivilege	2780	msiexec.exe
Token: SeDebugPrivilege	2780	msiexec.exe
Token: SeAuditPrivilege	2780	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2780	msiexec.exe
Token: SeChangeNotifyPrivilege	2780	msiexec.exe
Token: SeRemoteShutdownPrivilege	2780	msiexec.exe
Token: SeUndockPrivilege	2780	msiexec.exe
Token: SeSyncAgentPrivilege	2780	msiexec.exe
Token: SeEnableDelegationPrivilege	2780	msiexec.exe
Token: SeManageVolumePrivilege	2780	msiexec.exe
Token: SeImpersonatePrivilege	2780	msiexec.exe
Token: SeCreateGlobalPrivilege	2780	msiexec.exe
Token: SeCreateTokenPrivilege	2780	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2780	msiexec.exe
Token: SeLockMemoryPrivilege	2780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2780	msiexec.exe
Token: SeMachineAccountPrivilege	2780	msiexec.exe
Token: SeTcbPrivilege	2780	msiexec.exe
Token: SeSecurityPrivilege	2780	msiexec.exe
Token: SeTakeOwnershipPrivilege	2780	msiexec.exe
Token: SeLoadDriverPrivilege	2780	msiexec.exe
Token: SeSystemProfilePrivilege	2780	msiexec.exe
Token: SeSystemtimePrivilege	2780	msiexec.exe
Token: SeProfSingleProcessPrivilege	2780	msiexec.exe
Token: SeIncBasePriorityPrivilege	2780	msiexec.exe
Token: SeCreatePagefilePrivilege	2780	msiexec.exe
Token: SeCreatePermanentPrivilege	2780	msiexec.exe
Token: SeBackupPrivilege	2780	msiexec.exe
Token: SeRestorePrivilege	2780	msiexec.exe
Token: SeShutdownPrivilege	2780	msiexec.exe
Token: SeDebugPrivilege	2780	msiexec.exe
Token: SeAuditPrivilege	2780	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2780	msiexec.exe
Token: SeChangeNotifyPrivilege	2780	msiexec.exe
Token: SeRemoteShutdownPrivilege	2780	msiexec.exe
Token: SeUndockPrivilege	2780	msiexec.exe
Token: SeSyncAgentPrivilege	2780	msiexec.exe
Token: SeEnableDelegationPrivilege	2780	msiexec.exe
Token: SeManageVolumePrivilege	2780	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2780	msiexec.exe
2780	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2560	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	30
PID 2900 wrote to memory of 2560	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	30
PID 2900 wrote to memory of 2560	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	30
PID 2900 wrote to memory of 2560	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	30
PID 2900 wrote to memory of 1684	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	31
PID 2900 wrote to memory of 1684	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	31
PID 2900 wrote to memory of 1684	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	31
PID 2900 wrote to memory of 1684	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	31
PID 2900 wrote to memory of 2780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	35
PID 2900 wrote to memory of 2780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	35
PID 2900 wrote to memory of 2780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	35
PID 2900 wrote to memory of 2780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	35
PID 2900 wrote to memory of 2780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	35
PID 2900 wrote to memory of 2780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	35
PID 2900 wrote to memory of 2780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	35
PID 2112 wrote to memory of 2528	2112	msiexec.exe	37
PID 2112 wrote to memory of 2528	2112	msiexec.exe	37
PID 2112 wrote to memory of 2528	2112	msiexec.exe	37
PID 2112 wrote to memory of 2528	2112	msiexec.exe	37
PID 2112 wrote to memory of 2528	2112	msiexec.exe	37
PID 2112 wrote to memory of 2528	2112	msiexec.exe	37
PID 2112 wrote to memory of 2528	2112	msiexec.exe	37
PID 2112 wrote to memory of 2724	2112	msiexec.exe	42
PID 2112 wrote to memory of 2724	2112	msiexec.exe	42
PID 2112 wrote to memory of 2724	2112	msiexec.exe	42
PID 2112 wrote to memory of 2724	2112	msiexec.exe	42
PID 2112 wrote to memory of 2724	2112	msiexec.exe	42
PID 2112 wrote to memory of 2724	2112	msiexec.exe	42
PID 2112 wrote to memory of 2724	2112	msiexec.exe	42
PID 2112 wrote to memory of 2840	2112	msiexec.exe	43
PID 2112 wrote to memory of 2840	2112	msiexec.exe	43
PID 2112 wrote to memory of 2840	2112	msiexec.exe	43
PID 2112 wrote to memory of 2840	2112	msiexec.exe	43
PID 2112 wrote to memory of 2840	2112	msiexec.exe	43
PID 2112 wrote to memory of 2840	2112	msiexec.exe	43
PID 2112 wrote to memory of 2840	2112	msiexec.exe	43
PID 2840 wrote to memory of 1364	2840	MsiExec.exe	44
PID 2840 wrote to memory of 1364	2840	MsiExec.exe	44
PID 2840 wrote to memory of 1364	2840	MsiExec.exe	44
PID 2840 wrote to memory of 1364	2840	MsiExec.exe	44
PID 2840 wrote to memory of 1152	2840	MsiExec.exe	45
PID 2840 wrote to memory of 1152	2840	MsiExec.exe	45
PID 2840 wrote to memory of 1152	2840	MsiExec.exe	45
PID 2840 wrote to memory of 1152	2840	MsiExec.exe	45
PID 2840 wrote to memory of 1428	2840	MsiExec.exe	48
PID 2840 wrote to memory of 1428	2840	MsiExec.exe	48
PID 2840 wrote to memory of 1428	2840	MsiExec.exe	48
PID 2840 wrote to memory of 1428	2840	MsiExec.exe	48
PID 2840 wrote to memory of 900	2840	MsiExec.exe	49
PID 2840 wrote to memory of 900	2840	MsiExec.exe	49
PID 2840 wrote to memory of 900	2840	MsiExec.exe	49
PID 2840 wrote to memory of 900	2840	MsiExec.exe	49
PID 2840 wrote to memory of 2172	2840	MsiExec.exe	53
PID 2840 wrote to memory of 2172	2840	MsiExec.exe	53
PID 2840 wrote to memory of 2172	2840	MsiExec.exe	53
PID 2840 wrote to memory of 2172	2840	MsiExec.exe	53
PID 2840 wrote to memory of 2504	2840	MsiExec.exe	55
PID 2840 wrote to memory of 2504	2840	MsiExec.exe	55
PID 2840 wrote to memory of 2504	2840	MsiExec.exe	55
PID 2840 wrote to memory of 2504	2840	MsiExec.exe	55
PID 2840 wrote to memory of 2504	2840	MsiExec.exe	55
PID 2840 wrote to memory of 2504	2840	MsiExec.exe	55
PID 2840 wrote to memory of 2504	2840	MsiExec.exe	55
PID 2900 wrote to memory of 780	2900	2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe	59

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-10_8d7d56e290266a313874b9f9efca4573_bkransomware_floxif.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM sManager.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2560
- C:\Windows\SysWOW64\taskkill.exe
  "C:\Windows\System32\taskkill.exe" /F /IM SWMAgent.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1684
- C:\Windows\SysWOW64\msiexec.exe
  msiexec.exe /i sManagerSetup.msi /norestart
  2⤵
  - Loads dropped DLL
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2780
- C:\ProgramData\Samsung\SWUpdate\Setup\sAgentSetup.exe
  sAgentSetup.exe /OEMINSTALL
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:780

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C1243CD9C71BB7476C96B6BA30004352 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2528
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2EFCF631DB630507992912460EC9AD51
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2724
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 72DEE98610F456DCD77D5E4981DF2000 M Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\SysWOW64\taskkill.exe" /F /IM SWMAgent.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1364
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\SysWOW64\taskkill.exe" /F /IM SWMFileDownloadUtil.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1152
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\SysWOW64\taskkill.exe" /F /IM SWUInterfaceLauncher.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1428
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\SysWOW64\taskkill.exe" /F /IM SWMLauncher.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:900
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\SysWOW64\schtasks.exe" /delete /tn "SWUpdateAgent" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2172
- - C:\Program Files (x86)\Samsung\SW Update\InstallationPathWriter.exe
    "C:\Program Files (x86)\Samsung\SW Update\InstallationPathWriter.exe" -task="write" -id="20000" -name="sManager.exe"
    3⤵
    - Executes dropped EXE
    PID:2504

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1624

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000594" "00000000000004C4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1648

C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
"C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76c16d.rbs

Filesize
20KB

MD5
d2f02bc1b949a350441071a590eec16b

SHA1
8ae9b28486ec6f04a3d7dc2f2f36d0f671757f18

SHA256
c6962c236898f5131fc898d98eb24f183b567220b2febb9d3a80a9bb415526b5

SHA512
9be766a1971c09d2e1e60853b3934c08b284bf0fae4f51afad798a76c250059548abba824615e28971c5298fbb3aa8ec90df4ef83cdfea1171b5a9ef62769467

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_CHT-HK.chm

Filesize
12KB

MD5
03544bf81c3aaa2adcccb7a1ae0c76bf

SHA1
bc80ab03b78cd2202f2e653330c8b3dd0a4adad2

SHA256
43934c228d8911033336f67b3000700e001b6602a2c02c1fe440a1108f183605

SHA512
6d70d2c264bdcaa1b6a82be9f43d886ff010c61e87868659d7457502475602ea3dcafc93ce9ee2d30ae91ff9ec82fb986be4577928e14bd60e8d40b66f332600

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_CZE.chm

Filesize
12KB

MD5
3c5162a1115c57b66ae6c9b20bcb7418

SHA1
5541851e393f41327634a8d1246e642d79091b19

SHA256
89ffa2573caadca618457b8304f5576cbcdc798d5a7639414137c0ae64607d3a

SHA512
c300c6b6ab45fbde33025d4dc0029d593816f30feeecac5dae18bd5fb05650352c11097ab93bc31831c5d464c3cb35c1ef5b4b0758c141ebfe9c8d73e5ce998b

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_DUT.chm

Filesize
12KB

MD5
f1e3392dea3ffa56fe92a6c2ee27c3d0

SHA1
c9a63e3babc0e34843f0244511fbfee5637a96c1

SHA256
d57584717b1d12968cdf165858852f36c3b26e6bb605d247f09d32739356805a

SHA512
25d23f7023966ffdebf4d79e65cfa6a27b0380641f4c1fc48f25e82bc296edabce854d1ee24a961849c20ad51f84181f722a4daabe09136e8f91b34228a485e4

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_FIN.chm

Filesize
12KB

MD5
e9f9020f9a6c79a2e8c265cdeb5a024e

SHA1
59c6d9f1a833c9aa1d0a0d876f273e305b217777

SHA256
29a11cb22438d1a0f0b67066f5615e9896ea481ec41e0847ea1446c30e8878d2

SHA512
b554bd728a01cbf3018c3a65addcb174974e6b6f8650432c643ae9cf9ad4b1e6298af356345a6cfb99b63d5f720b1907b3e9ae215601423b79471ada6cf5c466

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_FRE.chm

Filesize
12KB

MD5
2a765e66267f53c6ff8a3bffdc069f6c

SHA1
883993f9d24068edac04b6d638ecb036ec9132e4

SHA256
cc96740ae9e161323c0a873f75a0c90f5cafb371f5d270b5ff4011ce6014fe7d

SHA512
f97c69998552aa422d0de5addcedb68e840b02450b3327ce65a4702ed31c679a99df2c7ef6a1dddbd0978e88561c06581ed47e0c870e6047cec0de02de8095ad

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_GER.chm

Filesize
12KB

MD5
710431b364edd8ddd4305e898c4a7c14

SHA1
5497e3a79dcc5efd7548aa3c51b1a9f41ecb6c5d

SHA256
4a1250f21c6645e71341c41d07372c84332733f76553c55acf8fa96651a6d719

SHA512
d2df6b1d6aaa0b0507b5d96324261ee217c4ffa35b8c572c89ec293a9565c2b1f95f777bc0375565954d2dcfb1596fc5261f62cde703ab8ec381f649ec5ffc34

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_GRE.chm

Filesize
13KB

MD5
10b1bed1205fdbb945b8b0aac22deb60

SHA1
19482e6ba4df50b562fc3a4b76b693453a6121e2

SHA256
a1c33f3290105ccd733b0da45b0e2683b5ac7f70b6b1b811e22b453b5623a26a

SHA512
ae1eb1ab76116d417165b07a82ba939ec2141a2a134c87a6fd481b3efdcf01177a133b68b4a89fe4fe90e93d54a82bc6156ab0903ca5e61772c2e6dd9bf02b20

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_ITA.chm

Filesize
12KB

MD5
9f2ca3154a8ea91071b9a46c0aea4c1d

SHA1
babb64a1e950d4a054e2ffd0341cc95e4d9b3e53

SHA256
f3ca54e15d56f337376c4c1a6ddf9d58709ebcb11511c9bde90fecca42dd4fbd

SHA512
72f0b0eabb7faa0b5f6ac9ae3b54212649fec4fd693939187be2c082b752166cf698873e204db858ca1ebd1024dfc85fde1b870cf1eb0928e12e768d69f989ff

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_NOR.chm

Filesize
12KB

MD5
96eecca90564af257cd656c136ff9e7b

SHA1
9f09f61d964d3049390ed9f5e91f6b3144e0d3a5

SHA256
bde1c85416cf46ce12e45ada973382b48a5a210692a9dda3354df586537f41fc

SHA512
0e1f387a7b84119b28da15912fce45800bfc409672abd3e444931839cd929a2f8b5d1d6f59f1f4531ad929a80662f0d771260a2f6466af6e1214070a60d7c1d6

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_POL.chm

Filesize
12KB

MD5
42bc73c076c7c32a7b21febdc4608075

SHA1
386b838e5b76df2dcb620873e40873c50ff6f68b

SHA256
a5a2ee74b57e0ceaf5ee9f980b5c0962a784d246bdd004b33b315d7d30096ec7

SHA512
a2f43784fbbd0ab0c98a30429ea68c76b989e24852d5bf44b2d99ddf6b960a70eafda211dbdeb4208ed0e83a45da2e108dbd0a66ee886a183901e7e496b22f96

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_RUS.chm

Filesize
12KB

MD5
81b75e63131b1b69bd22affabedd6ee2

SHA1
446efc3ee0183175f1f9e49f7f079dd87a406617

SHA256
8dd28725c67075ae1c2d41406343bd5777a644b2b826831d0b8eb489369a288b

SHA512
8b264180454cff29c99334bb680ebd7620f87dfad851db0c8db9d347dfcb822c9c9dbe878aeeddc9daf6aebac65e89ba0c54917efc094b811f76ac153a97957b

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SLV.chm

Filesize
12KB

MD5
38e0cc1e160cf4a0c70b404351719644

SHA1
ed12b1f084974116fb829561a6fc9b1e184b9c35

SHA256
d28d5e3f3bd15a36af501fe580e3bf159039935fab9644d060e1af616736aa44

SHA512
f1e51f010f4d393c922a517bde97f5dc85b7f53937f7b8530e3ac7299874800a138a284413e2f6d93800a9ee45d28971468c77174aa521b8e18567bd2f28bd71

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_SPA.chm

Filesize
12KB

MD5
a5c2183747be4a6cfba2c1359f4d7299

SHA1
0033c5073f7d3d4704b1d86175faea756aceb380

SHA256
adf78f2ae5ae0d8eeaf8b4cf1c558ce8190dde3198e1e718102d98797acd2f55

SHA512
fbd5e10ab22b2ee9b0c7840a553fd28944a3a3a9d202a1b9dfb204c352fb5334f58601fb908c29b80293f874529bf2f9fa6ea38d31948e3afea2b96318564e5a

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_TUR.chm

Filesize
12KB

MD5
aabf2533183d94d809586cfdd4f1624a

SHA1
a509bd048023344ef0209065203d0038b0b39532

SHA256
9ebeda2cffc1b3eb4ccfd4ccd0b26e725705405f94b5189ca758d5b18b62ceb3

SHA512
7bf880605d6513fc46ab09fe806be6f6cce51cf5500fe7839d69286c5781fddc925a8f985f0c5b9bb380db67e3cb525216c7b712a4eea82b192b1cec442ea4ca

Download Submit
C:\Program Files (x86)\Samsung\SW Update\Help\SW_Update_UZB.chm

Filesize
12KB

MD5
409772699f707ff40ab616eb091a143c

SHA1
e172c11214336c320f91a226e1d82ad12688b1b7

SHA256
ef4f4946f59708cfb39a95ddc94d3ecc65b188a0660e7f0d8268585ba8bfcce3

SHA512
e0d1926e6839cb44246b4705a40750ed371d6415ba28239c439b8a2d516ee628a2f720e764391ed2042659975356e90967c7074c0d532293dcad5b14f84e7298

Download Submit
C:\Program Files (x86)\Samsung\SW Update\InstallationPathWriter.exe

Filesize
75KB

MD5
e9fea2b6eec45d9bc0469706a8e8c4f8

SHA1
7dc4d6331f2158a0cf17d3c3a066ab17d8918884

SHA256
5a615f3fc99eba65f204b4e3fc612e980e2d2a8a49458c42d2b5a21d68a01f4f

SHA512
090af2d4a33146736ecdae722fd3cdcf2b4c4c835c08490f2403945043a69b23094cc7c141f7f047b7ce0151efc8c9801623bd26140b8cc3b1e4974492e96895

Download Submit
C:\Program Files (x86)\Samsung\SW Update\SWMSetupCustomAction.dll

Filesize
1.8MB

MD5
257fabe2b8272978fc258a4acb6f57cf

SHA1
b106253ba47202b4532bcf12d383315fb27c8a36

SHA256
bfe25d7ca233d241baf296c456ed04fc1c7bbe98149e4de75ad13502b483fc9c

SHA512
7b816d35e7a4d05813a8667f29d1815920739c6cecf8ad225e793d694c239fea2e4c9fcced69bb3f13544fe4b8ce4fc8f9842a16c94e214db9c72d5d17f82d07

Download Submit
C:\Program Files (x86)\Samsung\SW Update\sManager.ico

Filesize
269KB

MD5
de8871fd5f27e83cb255da1ae3f84c01

SHA1
a4cb1157df8314e1d1f9b19c4c1d6298762b86a1

SHA256
b3b02831d15640c83efb7a20e045deacb55a0573609f7ffb18b50b2e7083cd89

SHA512
cda4a5bd25424bc62417f47a8942ee464f00cc9b80c32fbe54e188fc638f3963af7ddec83a9f82cd5bd9299c15668877bddf32a2bcf1d8940a974f5716398fdc

Download Submit
C:\ProgramData\Samsung\SW Update Service\License.txt

Filesize
50KB

MD5
006571f77bb55a73d2f9c63b25b87572

SHA1
b0857791fc8552bbb979cd7785584013d5bdc5b2

SHA256
9760f0ffaaae399a23bc81f8d6fa1daa97d48b811ef7eafbe0d14629521c06a3

SHA512
575044f65ed45e71daafc194d769034e5c5447621334107e57c1485a8e91f3731da251d50dda38f97026553e761f3a71efb1efb76f29aa0b9df7c6ab7767631b

Download Submit
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

Filesize
3.2MB

MD5
352b2cbd19510fea2eeb769683a4f5a9

SHA1
7356f47b351d4729fbe4db7b06be6ce8a3cdcdb1

SHA256
3380325b8f3b1f5b1ad70751fea88370694bc21bdae770de2bf627b49d483d0f

SHA512
286ce0c06054474ec21b780cc5cd2d8b440ed39ef337f2ed907d41509a8b86d487df717a732c16a6ff6ef9c1110e00ec2d8411e944fba86fbdd9d5ee1d0899c4

Download Submit
C:\ProgramData\Samsung\SW Update Service\SWMFileDownloadUtil.exe

Filesize
1.7MB

MD5
63ac8a30ed503b025316a61db955cb8d

SHA1
a9f8cf3fe05b968cf341f16728233293d551c67f

SHA256
063b1edf4a8426cad657fee9a383e1462ba5e5f99c9e80629c5d2874f9f8588f

SHA512
db2976615cb74c08dc8346874e891f6def1252acccf0c24cb6a737d54d861d76cfb5e6a4acc5c528585094bc7df0763b0d82b7b8b40c1f59607b8af62b9351ca

Download Submit
C:\ProgramData\Samsung\SW Update Service\SWMLauncher.exe

Filesize
25KB

MD5
320349e6a7680c4d1d923d19a9e23043

SHA1
bf0e7bc9c8b6290d34b1b4c8147153d63deac673

SHA256
0fe79e2856206e936424952dded3225925ef29b37b20c0d41adf5a5b18484c5b

SHA512
701ef6d153c2402a82ddc7a28f7f753416971ef3c8afca0b18bf3476a56f5ab3af29d506d5b96f190fe7a470f3423706d0d903544c739fde23480497eafcbd79

Download Submit
C:\ProgramData\Samsung\SW Update Service\SWUInterfaceLauncher.exe

Filesize
2.1MB

MD5
a0759ec98eb9c63fae02ceb6a7db841e

SHA1
c0442507fa2003761d1ad5f9ab66b8331745a5d0

SHA256
24ea5db08fd8bba96fc4258db8b54d2eebd473bf4f0064993a2b8885d8bc4863

SHA512
1cfd71fa3fa2e1a0fa13df5aa40e5fa13fba4a0983be03c553de064e99306370746e772862adfa2d4484ed194b9479510d419f245232fec6a47a1d3a2c9a1211

Download Submit
C:\ProgramData\Samsung\SW Update Service\SWUpdateIF.dll

Filesize
3.1MB

MD5
8d64a70b40993a415dc453d8f1d330f4

SHA1
d91c6fa3fc6609e602a81ada08282337234c67b1

SHA256
f90fafc6ce75d22e97896fa88ff661f93879a8476266ab7dee1e999f78624f4e

SHA512
aa11523369cd05c8214c87590ba2e5e79c5080f58cd6220a88449ef023d4fcfb70907d395bcc883fc22286a7adf0713073c4fd1a5a420e1c0cffb11f1f2e50b3

Download Submit
C:\ProgramData\Samsung\SW Update Service\ShortcutResource.dll

Filesize
1.8MB

MD5
3c73902fb6becfce8de94ee9c1591924

SHA1
b8659453c9cab414640a783992b3c10f0d57b99b

SHA256
89c5c8498468e86d80906dfede8abaf7c692aef0757337263f818b251b46f35e

SHA512
4dfeecc518cf2474cc0ebdd9dd268d7ec744e8bde594d1246ed08aa76762a502348398ba08e4ff1be32e4211c6f5d664b3435a2c1a7ec3fa505126573204f7ef

Download Submit
C:\ProgramData\Samsung\SW Update Service\sManager.lang

Filesize
1.5MB

MD5
1a75dfe2edc97d8efa1fea5a5d6cfb94

SHA1
93e254d7032a4e646111e1d15db8a3d8187e299f

SHA256
03003ab17a89c4fa9df8232ff272fd5b4104b6772efab936e6ff156a90557454

SHA512
76566ac48677e3deee3e59da14cabda55a5c960e9d38da4f6b3f8806f7bb8f9249f87ce1c4fe0fe0d430259b165a912113ba859972f0e5dcb3331be052fb63e7

Download Submit
C:\ProgramData\Samsung\SWUpdate\Setup\sManagerSetup.msi

Filesize
17.4MB

MD5
5865f6998f777b5049a4a77ccdc08637

SHA1
656bb805587ff840a4c306f7b672d41f3d16add9

SHA256
29081ec68088dfd952571f50c053ae9883b003744cf46585747f45a8b4eed014

SHA512
d2ef3f158297498241c6315f9ea3045a89509ab5e883cf4e6b2438f68e15490bc21b911df08fd899ee83770bee6a7609405b68e499f9f2e19f68796d654b1aa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

Filesize
834B

MD5
5cb16e48b582bf86a4b396fcbc235981

SHA1
3e7cbf189fbbff1efb9b04c398ceb902e816f15b

SHA256
ba479af493eeefdf7de4c86890f5d87886bc0bc92522d39dd09eb21f85cf23f9

SHA512
55210eb21fd974bb189063d4e377c37b2cf1c2e0d7ec056dee48f8619cfe04a7a8c1ba329abcfa7edb4785fac08375df4c8261e98dc3a8294f0f4fc29cf61eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_C59BC91E99449F8BFBBBDD496CF022E4

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ECF3006D44DA211141391220EE5049F4

Filesize
92KB

MD5
7c35d9979088f78c0595385dc8067f67

SHA1
d47e7b8714d71f83718dfe56e330e28630853b3b

SHA256
8ffa5b11b1e2e2c59952608c604bda9ebc04253d2bdeaee3a860d841cb5a3f21

SHA512
f9c7ffa3a0ecbb4f9aea243c3f0bf70eb90b7e4731c8d5d30d0f5a81ec7fafae4a10978d7311bc5a34702dc2a325faa357a375616fd7cc2188e5678c06a00cbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

Filesize
180B

MD5
8d40827a247bfac320a1b87541e03ffb

SHA1
3cdd64b8f4a2a444568d8d5e4085048881918c2a

SHA256
4ab967c0fe20b6e60f39f087e9d27ee86fb3ced084c4774ca7ed10e0a3241c9d

SHA512
257b6e9a3ef928f8dd17b99a080d90b0abc3bae74dda712a8eabe4b0bd9316de001ae14bafa905149604e33f57d48360f0f54a703a6b1f3e5b49d33731d027b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc9690c46148405f305cb4537d6b5cfb

SHA1
b628bd54e1d82ea686c20379d029bbee02a5a816

SHA256
eb781f6aa99b3e8a16e418130e39b64a611a30420240959f15b6adc97751181f

SHA512
70c0622fbbe2f679b5e1552d4f219023efe00040d5a1501b6f5d5b6517af7e5ef4b7f993d1b0bcedefd3bc772ca15af02ca7ca9bab5e73e0f7a20dfc233de979

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
398B

MD5
fde2be2b90efa5ab8c800b679cb37155

SHA1
280f2fb75f615300e7c0d4b0fb17398cbe457736

SHA256
0696e08bf4ab5be61a7e106fe9c3de86ecd77c1bec2efb06d2d618936fb7f02c

SHA512
8b872f96d5f8277628331888766fea7f844859d9b7c87fa28b22b9bb41e6207ca854ba08a812c8f5b35a4b1e227dc2ea566407e139153600d92b0a9f52eb1bf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_C59BC91E99449F8BFBBBDD496CF022E4

Filesize
418B

MD5
18d71f0b491a1e1832ae070c1d7ea050

SHA1
e93713812f010a97079dd60d1bca634930f688a7

SHA256
77b52aca7014564b2ae4023bc9f31d08290cdbbc99d79ac715682e4a4c69c945

SHA512
d9c5ec2524ae3707a1e9c4407da44fcf852337ca0aee62764354f1116ffda1c93e2d80d8043143886942bcd1a92f99f0a4a3f71b67ee7183485da0959b7ae9d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ECF3006D44DA211141391220EE5049F4

Filesize
170B

MD5
29c30802295cbaa62453e481d1d3d12a

SHA1
46c815862507af3b79c7a6f239df9297112d5432

SHA256
f513b8397b5e4c2588351b43a2dbe03216b35fe6478bb6ec53f26ee6868ebebe

SHA512
1d2922c76db598a70c693896c0e810688d2e8dd6b17b2d352b7444e26d7c59be51b8502b98a28b11b1244fd54cb01d82bd1462e6e47ceb73393e8280c0853279

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F7C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIA470.tmp

Filesize
298KB

MD5
9945f10135a4c7214fa5605c21e5de9b

SHA1
3826fb627c67efd574a30448ea7f1e560b949c87

SHA256
9f3b0f3af4bfa061736935bab1d50ed2581358ddc9a9c0db22564aced1a1807c

SHA512
f385e078ceeb54fe86f66f2db056baba9556817bbf9a110bcd9e170462351af0dd4462429412410c7c3b2b76ea808d7bce4ea1f756a18819aa1762edb3745cc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F8F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Program Files (x86)\Samsung\SW Update\SWM_ChangeShortcutToChinese.exe

Filesize
1.9MB

MD5
b26ea7e253dfa6bbcfc9a85098119749

SHA1
ade4231b084dd8ad59b10c17c8a43726e869e2bb

SHA256
690157c4d62fdcf5f268f0edb04e4e39ab8dfa5e29e1770d48edac12a62e6e0c

SHA512
17e2696389960604b01153343fadc580ec01326ba97df6e7b8acec210d8eb55acd6d1fc3b0f93d4777e2747a0568b4f78e4d32b0bacfc617ef7938162c39e2d6

Download Submit
\Program Files (x86)\Samsung\SW Update\SetupLogCollector.exe

Filesize
1.8MB

MD5
7c418222b9e551f5fd27200228fd05a6

SHA1
1d554a9ba1ece48ce07aaef1c517037fc237008f

SHA256
e2c1ced6b0e465b22788375aa5185800f464e7f357fdabcc90c0ed9bbca7b2c6

SHA512
90d7381bd7d10bc2fc97a5232eda74575bfdfa752aeba38c2d5bf2ba4fafbfc07e0b580193f153766c67cb92140982cd2178dff360f502c1545d96cc9dc7ac79

Download Submit
\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
memory/2900-137-0x0000000001090000-0x0000000002B74000-memory.dmp

Filesize
26.9MB

Download
memory/2900-139-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2900-138-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2900-3-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2900-360-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2900-358-0x0000000001090000-0x0000000002B74000-memory.dmp

Filesize
26.9MB

Download