01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc

Analysis

max time kernel
12s
max time network
113s
platform
windows10_x64
resource
win10v20210410
submitted
17-05-2021 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Size

4.2MB
MD5

2ab767d0abcc35e8dae7e6c80d60441a
SHA1

7abe32b589302e09948b1adb952010e4b426c778
SHA256

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc
SHA512

535bfe0efc1bb3fa316af5e7cd4aa43aff9090ef14dddb922ca10d9721d672f8dd2d9267bd40ed931dc6e1df49d7fb5574987f531156f4badd40f35b4cf7557b

Score

10^/10

adware discovery persistence spyware stealer

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Executes dropped EXE 7 IoCs

Processes:

v4srchmn.exev4barsvc.exev4barsvc.exev4barsvc.exev4brmon.exev4HighIn.exev4barsvc.exe

pid process

1040 v4srchmn.exe
1212 v4barsvc.exe
1532 v4barsvc.exe
2476 v4barsvc.exe
2784 v4brmon.exe
2212 v4HighIn.exe
2980 v4barsvc.exe

pid	process
1040	v4srchmn.exe
1212	v4barsvc.exe
1532	v4barsvc.exe
2476	v4barsvc.exe
2784	v4brmon.exe
2212	v4HighIn.exe
2980	v4barsvc.exe

Loads dropped DLL 63 IoCs

Processes:

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exev4srchmn.exev4brmon.exev4HighIn.exe

pid	process
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
1040	v4srchmn.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
2784	v4brmon.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
2784	v4brmon.exe
2784	v4brmon.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
2212	v4HighIn.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
2212	v4HighIn.exe
2212	v4HighIn.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DictionaryBoss Search Scope Monitor = "\"C:\\PROGRA~2\\DICTIO~1\\bar\\1.bin\\v4srchmn.exe\" /m=2 /w /h"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DictionaryBoss Browser Plugin Loader = "C:\\PROGRA~2\\DICTIO~1\\bar\\1.bin\\v4brmon.exe"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Run	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176

Drops file in Program Files directory 64 IoCs

Processes:

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regiet.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skin.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\Settings\s_pid.dat	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\CHROME.MANIFEST	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4hkstub.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4htmlmu.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4Plugin.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skin.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dlghk.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4reghk.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4script.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4sknlcr.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\LOGO.BMP	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4highin.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4radio.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4reghk.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dyn.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4httpct.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4httpct.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4impipe.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4impipe.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4msg.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4uabtn.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4datact.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regfft.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrchMn.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\LOGO.BMP	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4auxstb.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\T8RES.DLL	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files\Internet Explorer\msimg32.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4radio.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrchMn.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4uabtn.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4feedmg.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4highin.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4ieovr.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4mlbtn.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skplay.exe	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4mlbtn.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4tpinst.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\CHROME.MANIFEST	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\INSTALL.RDF	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4hkstub.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4auxstb.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dlghk.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4ieovr.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File created	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4Plugin.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regfft.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4feedmg.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4htmlmu.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
File opened for modification	C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

Processes:

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{e7472076-ff9d-4325-8eaf-613572008758}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35}\Policy = "3"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a}\AppName = "v4SrchMn.exe"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}\AppName = "v4SkPlay.exe"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\UrlSearchHooks	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{3042df7a-e900-4389-9b94-923df0daa57e}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53}\AppName = "v4SlSrch.exe"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}\Policy = "3"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35}\AppPath = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53}\Policy = "3"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143f8-3dbe-424c-949f-20acd11e5a6d}\Policy = "3"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8c0cfcbe-d7e4-4778-8bfd-3a8d8b5a9ccd}\AppName = "v4impipe.exe"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{163a7621-d9a7-4595-bd0c-ca2d34425c35}\AppName = "v4medint.exe"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c7d153b1-5602-41a4-a012-06165b4b0c53}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66222c2f-e3da-46fe-ac02-b30ba0daa13a}\Policy = "3"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

Modifies registry class 64 IoCs

Processes:

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.ThirdPartyInstaller.1	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.RadioSettings\	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{032416f0-0007-481b-9df8-9bcd1bf357f0}\Control	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9A402FD-82C8-4743-991E-BC77E62DA0E5}\VersionIndependentProgID	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{13C7C8BC-D8AD-4C4A-9CF4-941930624971}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE17CD12-2988-47B4-86E3-640288DE42CB}\TypeLib	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23119123-0854-469D-807A-171568457991}\ProxyStubClsid32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58376892-60e7-4f63-aca0-0f686af554d6}\InprocServer32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C567FB88-C02E-4042-8685-8563D0633BE1}\ = "ISessionData"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.DynamicBarButton.1\CLSID	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED49DF44-2DC8-4CFC-8510-DAF4DFCC5F40}\TypeLib\Version = "1.0"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23119123-0854-469D-807A-171568457991}\ = "ISkinLauncherSettings"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e001b32e-5acb-4cce-9910-2d379ce0a6d6}\Version	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E79601CE-6CB5-4A4C-A643-A9FEC2C136F5}\ = "_IDataCtrlEvents"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73a7cce6-ff3a-4c7f-9a3e-db9bd92be292}\TypeLib\ = "{a436c6ec-9040-4322-ab62-bdb9e81e2f6c}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AADB3288-DE22-4CF7-8A72-E008AC4DB002}\TypeLib\ = "{220D75AD-0772-4C6C-A72F-8BF267C13CB5}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{9378167C-FAC6-4DFB-BD4F-F7C195D2B1E4}\1.0\0	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE17CD12-2988-47B4-86E3-640288DE42CB}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{afed4702-7932-4426-aea4-9b248189c7a3}\InprocServer32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\TypeLib\ = "{1A033AE8-0D4D-4EC8-A4A9-47BBE0B6489B}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\WOW6432Node\CLSID\{e7472076-ff9d-4325-8eaf-613572008758}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C367B45-0824-419A-AF7F-157665B56ABA}\1.0\0\win32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED49DF44-2DC8-4CFC-8510-DAF4DFCC5F40}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DDD8F3F-3774-484C-938C-4D9AB3A5F575}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{33119133-0854-469d-807A-171568457991}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7}\MiscStatus	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{696D3B4F-71EF-41CC-96FF-342317E644DE}\1.0\0	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7D153B1-5602-41A4-A012-06165B4B0C53}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C0CFCBE-D7E4-4778-8BFD-3A8D8B5A9CCD}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08855E67-37D6-48CC-B59E-A010D658A7BB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}\1.0\0	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e001b32e-5acb-4cce-9910-2d379ce0a6d6}\InprocServer32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE17CD12-2988-47B4-86E3-640288DE42CB}\ = "IHttpControlEvents"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.RadioSettings	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}\1.0\ = "SkinLauncher 1.0 Type Library"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SkinLauncher\CurVer	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FF14F9E4-44C9-4CAB-88CE-A4E8221D0206}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A61E8B4-1D41-43FC-8237-AAAF8755317B}\TypeLib	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C567FB88-C02E-4042-8685-8563D0633BE1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08855E67-37D6-48CC-B59E-A010D658A7BB}\TypeLib	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D43161C-85D1-460D-B835-342DEABD978D}\ProxyStubClsid32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A525B28E-04EE-455F-8C17-3A0273EBEA2C}\1.0\0\win32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\t8res.dll\\1306"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C0CFCBE-D7E4-4778-8BFD-3A8D8B5A9CCD}\TypeLib	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7D153B1-5602-41A4-A012-06165B4B0C53}\ProxyStubClsid32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{696D3B4F-71EF-41CC-96FF-342317E644DE}\1.0\HELPDIR	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5b610696-32b6-416c-bf5c-ca4f60a345dd}\VersionIndependentProgID	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C27D391-1D58-4C02-878E-4E975B775B6F}\TypeLib\Version = "1.0"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{934894D3-9DF1-4063-BE0B-4246762A87D8}\ProxyStubClsid32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{934894D3-9DF1-4063-BE0B-4246762A87D8}\TypeLib	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.PseudoTransparentPlugin\CurVer\ = "DictionaryBoss.PseudoTransparentPlugin.1"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.SkinLauncher.1\	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AADB3288-DE22-4CF7-8A72-E008AC4DB002}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D1479029-BACC-4C9A-8C15-D857A2974E27}\1.0\ = "DataCtrl 1.0 Type Library"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{da08805b-ba32-426b-ad14-ecac8235a8aa}\InprocServer32\ = "C:\\Program Files (x86)\\DictionaryBoss\\bar\\1.bin\\v4dlghk.dll"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9A402FD-82C8-4743-991E-BC77E62DA0E5}\ = "DictionaryBoss HTML Menu"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{317D0A60-985E-4C4D-BA9B-8D1026665EA9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5}\ProgID	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5BD5AE73-FDA3-469B-9358-D4EDA7123370}\ProxyStubClsid32	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.UrlAlertButton\CurVer	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2c72f7a5-8160-4024-94d8-e0995d547bb0}\VersionIndependentProgID\ = "DictionaryBoss.DynamicBarButton"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9}\Version\ = "1.0"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DictionaryBoss.PseudoTransparentPlugin.1\CLSID\ = "{5b610696-32b6-416c-bf5c-ca4f60a345dd}"	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C27D391-1D58-4C02-878E-4E975B775B6F}	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

v4srchmn.exev4brmon.exe

pid process

1040 v4srchmn.exe
2784 v4brmon.exe

pid	process
1040	v4srchmn.exe
2784	v4brmon.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe

description	pid	process	target process
PID 3952 wrote to memory of 1040	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4srchmn.exe
PID 3952 wrote to memory of 1040	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4srchmn.exe
PID 3952 wrote to memory of 1040	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4srchmn.exe
PID 3952 wrote to memory of 1212	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 1212	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 1212	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 1532	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 1532	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 1532	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 2784	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4brmon.exe
PID 3952 wrote to memory of 2784	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4brmon.exe
PID 3952 wrote to memory of 2784	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4brmon.exe
PID 3952 wrote to memory of 2212	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4HighIn.exe
PID 3952 wrote to memory of 2212	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4HighIn.exe
PID 3952 wrote to memory of 2212	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4HighIn.exe
PID 3952 wrote to memory of 2980	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 2980	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe
PID 3952 wrote to memory of 2980	3952	01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe	v4barsvc.exe

C:\Users\Admin\AppData\Local\Temp\01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe
"C:\Users\Admin\AppData\Local\Temp\01e5eeacde18d7e7a81749aa1e863795eba4aa7ebdbdd1d706e7584786e3d0fc.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3952

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe
"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe" /m=2 /w /h /r
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1040

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe" -remove
2⤵
- Executes dropped EXE
PID:1212

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe" -install
2⤵
- Executes dropped EXE
PID:1532

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe
"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe
"C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe" v4tpinst.dll,#5
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2212

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
"C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe" -remove
2⤵
- Executes dropped EXE
PID:2980

C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
1⤵
- Executes dropped EXE
PID:2476

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\DICTIO~1\bar\1.bin\t8res.dll
MD5
a74b4dd44d73e265d6db434b44425656

SHA1
597ca757cefd7f7ebde1a8c9f220e54140154c79

SHA256
212f45bad33ebdc10fb3faaa9792852e4cd2a7aaf4785f505765f5eb5b74192d

SHA512
62bdbd8dcef7e8bbcdaee558cbe1347db6e900dc40c26145e0cb7f27de5aa288bccda4ecd357c7fda25c69516da2bce75d074bb124160f9a2e3c16b43281571c

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4SrchMn.exe
MD5
cca818a157a991cfd0b0d17c0c6d4ecd

SHA1
585a73eb1dfa6b0b5c5ff5d76212fd8d0cef4df4

SHA256
886e8ba792af1250b359c8ccd8834f4d7d77badc3e8deae9cb6d8e8577842df7

SHA512
c644482c7dfaf81955ecfdea084527cfb4992e1632feb02f77848357ea0762b6a103c9460438b42b0f29b9ca64a874f0777a272a35338fa8dbaa553da526a972

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
MD5
622fcf264119f7df127be353f796b319

SHA1
56cf4f2ac44c6add5cdcd419ba4b99d22dc7a0e3

SHA256
6689d8f62f860178685496ef45520967afaeff94cfbcc64cf77074f21577e0a2

SHA512
57b261c5b9f30d6fc7da6ee70200c22cd07d11b94bf9107fba7fe793195112ce90b34bcc7774adf87de00b0abbc621602e7e164caf28975056d952d0eb1d7c6c

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
MD5
622fcf264119f7df127be353f796b319

SHA1
56cf4f2ac44c6add5cdcd419ba4b99d22dc7a0e3

SHA256
6689d8f62f860178685496ef45520967afaeff94cfbcc64cf77074f21577e0a2

SHA512
57b261c5b9f30d6fc7da6ee70200c22cd07d11b94bf9107fba7fe793195112ce90b34bcc7774adf87de00b0abbc621602e7e164caf28975056d952d0eb1d7c6c

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
MD5
622fcf264119f7df127be353f796b319

SHA1
56cf4f2ac44c6add5cdcd419ba4b99d22dc7a0e3

SHA256
6689d8f62f860178685496ef45520967afaeff94cfbcc64cf77074f21577e0a2

SHA512
57b261c5b9f30d6fc7da6ee70200c22cd07d11b94bf9107fba7fe793195112ce90b34bcc7774adf87de00b0abbc621602e7e164caf28975056d952d0eb1d7c6c

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
MD5
622fcf264119f7df127be353f796b319

SHA1
56cf4f2ac44c6add5cdcd419ba4b99d22dc7a0e3

SHA256
6689d8f62f860178685496ef45520967afaeff94cfbcc64cf77074f21577e0a2

SHA512
57b261c5b9f30d6fc7da6ee70200c22cd07d11b94bf9107fba7fe793195112ce90b34bcc7774adf87de00b0abbc621602e7e164caf28975056d952d0eb1d7c6c

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4barsvc.exe
MD5
622fcf264119f7df127be353f796b319

SHA1
56cf4f2ac44c6add5cdcd419ba4b99d22dc7a0e3

SHA256
6689d8f62f860178685496ef45520967afaeff94cfbcc64cf77074f21577e0a2

SHA512
57b261c5b9f30d6fc7da6ee70200c22cd07d11b94bf9107fba7fe793195112ce90b34bcc7774adf87de00b0abbc621602e7e164caf28975056d952d0eb1d7c6c

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe
MD5
35d6caaa9e4d82974a74dbdb53801f98

SHA1
0f78fe90af015b0a511ede007bd1791a341e891e

SHA256
5418b7bb40b097da6370ada1194f8b2d2d3eefa3ca36a6eb31d39df7791a25a3

SHA512
bdace57d273841bb476289d6fe9803c57a48ab7ce630b8797f848f6eb7816b00b43223fd28c8caa440b1b1d027a2dcf3cc9cee007fcf5905650d15e800c8b245

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brmon.exe
MD5
35d6caaa9e4d82974a74dbdb53801f98

SHA1
0f78fe90af015b0a511ede007bd1791a341e891e

SHA256
5418b7bb40b097da6370ada1194f8b2d2d3eefa3ca36a6eb31d39df7791a25a3

SHA512
bdace57d273841bb476289d6fe9803c57a48ab7ce630b8797f848f6eb7816b00b43223fd28c8caa440b1b1d027a2dcf3cc9cee007fcf5905650d15e800c8b245

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4brstub.dll
MD5
d3efe03300caf0fa2215206280d31220

SHA1
12ff3195bdaca5482034aac3c3e132d5ada421a9

SHA256
b67d6eba635dc1cec42eec2d1a1ceee34e43cb3a55e6080b1a17d29af5d9cf08

SHA512
a2e32cc4926e017f04a7feb3ed9da4a32741109b75ca845cdadc20b577c4d96f1de4d05e08466559c174b46731e0f8c35f305082c845f298c55779c6058e96a0

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.DLL
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
C:\PROGRA~2\DICTIO~1\bar\1.bin\v4srchmn.exe
MD5
cca818a157a991cfd0b0d17c0c6d4ecd

SHA1
585a73eb1dfa6b0b5c5ff5d76212fd8d0cef4df4

SHA256
886e8ba792af1250b359c8ccd8834f4d7d77badc3e8deae9cb6d8e8577842df7

SHA512
c644482c7dfaf81955ecfdea084527cfb4992e1632feb02f77848357ea0762b6a103c9460438b42b0f29b9ca64a874f0777a272a35338fa8dbaa553da526a972

Download Submit
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4HighIn.exe
MD5
635f5e4b01597d0baf2422245c8ff541

SHA1
9788294f2b8ab28dbae4c73bb61a6b1200bdd89d

SHA256
b1c485330062beb4d02e3e67e68de82c6ffa22b0bbf1eeb6356d2ae15d03249d

SHA512
d93fe70d449df96321d30f2ebd725af2cf07f0ebead6ba9db4af47ee513160d1a6a8f78533c642fe685609438a2d1af00089aaee202b820fc7bf7a2cca9ead02

Download Submit
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4highin.exe
MD5
635f5e4b01597d0baf2422245c8ff541

SHA1
9788294f2b8ab28dbae4c73bb61a6b1200bdd89d

SHA256
b1c485330062beb4d02e3e67e68de82c6ffa22b0bbf1eeb6356d2ae15d03249d

SHA512
d93fe70d449df96321d30f2ebd725af2cf07f0ebead6ba9db4af47ee513160d1a6a8f78533c642fe685609438a2d1af00089aaee202b820fc7bf7a2cca9ead02

Download Submit
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4tpinst.dll
MD5
0a15ebebda5dc52a95279efab3b98e2a

SHA1
41d9d722e583cbeb3da15061be203c4428e6ef60

SHA256
fb71b4792e7dc01eb9052538c5b7b1d4e6b6f6c3ff04b3b1716d44a7b1c6c2b9

SHA512
26fac031c1177680874f142d8607469ed358ae3c3e1c83a280274da72c9713627797a0d1d4e9696db439e86b76b0fff298caa42257ae02b9c749057869e558bc

Download Submit
\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.dll
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.dll
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.dll
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.dll
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.dll
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.dll
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
\PROGRA~2\DICTIO~1\bar\1.bin\v4hkstub.dll
MD5
98e56fd43f64538baa9b1f367951091f

SHA1
9d54baf23397e5f1444bc6471052ad234b76fbd3

SHA256
efbae6177e046b2a1b165cc0aeb1cb4812df29de4da48a8286abb9d02460384d

SHA512
baf47142fcca94069e2ec71eb00457b4187cad831e215e56539d23d01acc842b8bac090fa8d4827c55e4ad16019fd3310f2506515a3cc47cee0b7609585d23c1

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll
MD5
613a49d621e77364ef1526148443ca3d

SHA1
b0a8621ea6e9fb1240456db36b9bf15a85289eb8

SHA256
f87fae18f7ab5950f4b527b70b4e992e6fd4ee0c29ad6a22024bcce2f155d2e9

SHA512
52442d62a3724941cf6757708a6fbde7d85bce0e87920f97ad9cec118d9d11805ad692c2608a3f94487c991489da76e159626808ce0a865b11ecc0222dc181d9

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll
MD5
613a49d621e77364ef1526148443ca3d

SHA1
b0a8621ea6e9fb1240456db36b9bf15a85289eb8

SHA256
f87fae18f7ab5950f4b527b70b4e992e6fd4ee0c29ad6a22024bcce2f155d2e9

SHA512
52442d62a3724941cf6757708a6fbde7d85bce0e87920f97ad9cec118d9d11805ad692c2608a3f94487c991489da76e159626808ce0a865b11ecc0222dc181d9

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\T8RES.DLL
MD5
a74b4dd44d73e265d6db434b44425656

SHA1
597ca757cefd7f7ebde1a8c9f220e54140154c79

SHA256
212f45bad33ebdc10fb3faaa9792852e4cd2a7aaf4785f505765f5eb5b74192d

SHA512
62bdbd8dcef7e8bbcdaee558cbe1347db6e900dc40c26145e0cb7f27de5aa288bccda4ecd357c7fda25c69516da2bce75d074bb124160f9a2e3c16b43281571c

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\T8RES.DLL
MD5
a74b4dd44d73e265d6db434b44425656

SHA1
597ca757cefd7f7ebde1a8c9f220e54140154c79

SHA256
212f45bad33ebdc10fb3faaa9792852e4cd2a7aaf4785f505765f5eb5b74192d

SHA512
62bdbd8dcef7e8bbcdaee558cbe1347db6e900dc40c26145e0cb7f27de5aa288bccda4ecd357c7fda25c69516da2bce75d074bb124160f9a2e3c16b43281571c

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4Plugin.dll
MD5
bb7056676d216426ef64089c927fd5b8

SHA1
a3fca13dca3f6acf7179ce50306b3677e210f39c

SHA256
9403afe9200722407b09470b9412b1e69edeff72a44cc05925150bd16741bef5

SHA512
e216dc03215e0020d5f1b97cb42c4d5cb43d48650fa888747588730686b9edf04bdfe892d255e9692a8e7dc899053212a94932c0192d80dd0162f91d2fba1fef

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll
MD5
cb31249537d2758f73046888aa02ca7a

SHA1
be21d76e502d546b2d88093e13f07923eb59380b

SHA256
3d43bed1f03d4b7c744f6dd7031fa98d13ee482b43ee7828a7dc5427cabeb835

SHA512
885025a255c2a18000bcd11cf9cf4d3bb2e7c5b4236b5defe881ab1a8c32b09c7a12d458d966adbf575fd46881ba1db5a945ab612bce995175effd1ea81b8d99

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4auxstb.dll
MD5
22ae719e91b4bfcdf6122d3e2a0f272e

SHA1
99df98dfef4b483889fa88162d20ee46340a5dbe

SHA256
2529f6465570ac7f0b82613c694181cc10515ee045cfaa48dd7402e9b9d791bf

SHA512
61028e30c28501f0c18c00ec8888cec3eade43b823a545608fc6ee9c6c2529723b5bede0cb2d4a016562a8ad4a59b1cf2b6ed00d1f745387ef9f15b05b63ce8f

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4auxstb.dll
MD5
22ae719e91b4bfcdf6122d3e2a0f272e

SHA1
99df98dfef4b483889fa88162d20ee46340a5dbe

SHA256
2529f6465570ac7f0b82613c694181cc10515ee045cfaa48dd7402e9b9d791bf

SHA512
61028e30c28501f0c18c00ec8888cec3eade43b823a545608fc6ee9c6c2529723b5bede0cb2d4a016562a8ad4a59b1cf2b6ed00d1f745387ef9f15b05b63ce8f

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll
MD5
67c8639dea593ab82d341bd4dfb18955

SHA1
4c6692e2608d9b3888c2a2f8c703763bea633bab

SHA256
b379d1c73aa25e67b0cd43d8a6aaae1d4604a252fd4451c0979c60bb0e5018dd

SHA512
d75e85eb58c7a6ea1d3c8dd4091f62c77399277416c4fe9801ac23a2feaa2f7cd45c5034ef78d9578e8214adcef21653e9ebc4c8c1c9a0ea3e538106a3d69e3a

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll
MD5
67c8639dea593ab82d341bd4dfb18955

SHA1
4c6692e2608d9b3888c2a2f8c703763bea633bab

SHA256
b379d1c73aa25e67b0cd43d8a6aaae1d4604a252fd4451c0979c60bb0e5018dd

SHA512
d75e85eb58c7a6ea1d3c8dd4091f62c77399277416c4fe9801ac23a2feaa2f7cd45c5034ef78d9578e8214adcef21653e9ebc4c8c1c9a0ea3e538106a3d69e3a

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll
MD5
d3efe03300caf0fa2215206280d31220

SHA1
12ff3195bdaca5482034aac3c3e132d5ada421a9

SHA256
b67d6eba635dc1cec42eec2d1a1ceee34e43cb3a55e6080b1a17d29af5d9cf08

SHA512
a2e32cc4926e017f04a7feb3ed9da4a32741109b75ca845cdadc20b577c4d96f1de4d05e08466559c174b46731e0f8c35f305082c845f298c55779c6058e96a0

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll
MD5
d3efe03300caf0fa2215206280d31220

SHA1
12ff3195bdaca5482034aac3c3e132d5ada421a9

SHA256
b67d6eba635dc1cec42eec2d1a1ceee34e43cb3a55e6080b1a17d29af5d9cf08

SHA512
a2e32cc4926e017f04a7feb3ed9da4a32741109b75ca845cdadc20b577c4d96f1de4d05e08466559c174b46731e0f8c35f305082c845f298c55779c6058e96a0

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brstub.dll
MD5
d3efe03300caf0fa2215206280d31220

SHA1
12ff3195bdaca5482034aac3c3e132d5ada421a9

SHA256
b67d6eba635dc1cec42eec2d1a1ceee34e43cb3a55e6080b1a17d29af5d9cf08

SHA512
a2e32cc4926e017f04a7feb3ed9da4a32741109b75ca845cdadc20b577c4d96f1de4d05e08466559c174b46731e0f8c35f305082c845f298c55779c6058e96a0

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4datact.dll
MD5
70a6b86cb0a6a3f7b35421ec7b9f5b7f

SHA1
baefcb03679575349e01668c4f0938643baaa022

SHA256
0059d01f099fffa09373a6ead57f3cd1c6772667b9a7eeb6edabca3cd1963cf1

SHA512
4d6cdd61afb68b3fe6b705c2298ce35a1e42834c17e4faae11413bda44f0739647b6d773e73b530046c37ec0e15d8687f7546c0cdf30dedf5b5ab2adbd8c427d

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4datact.dll
MD5
70a6b86cb0a6a3f7b35421ec7b9f5b7f

SHA1
baefcb03679575349e01668c4f0938643baaa022

SHA256
0059d01f099fffa09373a6ead57f3cd1c6772667b9a7eeb6edabca3cd1963cf1

SHA512
4d6cdd61afb68b3fe6b705c2298ce35a1e42834c17e4faae11413bda44f0739647b6d773e73b530046c37ec0e15d8687f7546c0cdf30dedf5b5ab2adbd8c427d

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dlghk.dll
MD5
8fb2c1103382577f8248d83e7487ea86

SHA1
0c88efcfa1c77d597111125a6c031ceb47b18ba7

SHA256
2e274740283a6977d068baf1d1535d7e235fbcfc0b7f620cb87bd42e07d30344

SHA512
bc5564d1129cfe1aa1a1c12ea180253807d132ddf4a442ddde12851b2250d77534fde7e2b7db88151707f5a6b29ed9b9f86e7c0fee2931f48d75846a408bbe52

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dlghk.dll
MD5
8fb2c1103382577f8248d83e7487ea86

SHA1
0c88efcfa1c77d597111125a6c031ceb47b18ba7

SHA256
2e274740283a6977d068baf1d1535d7e235fbcfc0b7f620cb87bd42e07d30344

SHA512
bc5564d1129cfe1aa1a1c12ea180253807d132ddf4a442ddde12851b2250d77534fde7e2b7db88151707f5a6b29ed9b9f86e7c0fee2931f48d75846a408bbe52

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dyn.dll
MD5
8d721a2bc356a862ac8b2349bbeb614c

SHA1
8090e240f528004402b29c11e5072bed79d95384

SHA256
5dc33b6ae31bb0b277f6db3b983e4adf5c509646b574c0630864ef462c6626c3

SHA512
57a61aef5c03e69ee26fc7baf3ae30198b95c28b0d8887e86015683c94ced7cb7e6a5cc310da13bb32d87f81ab33778c412d60f48a4f646e18d17242b609fb10

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4dyn.dll
MD5
8d721a2bc356a862ac8b2349bbeb614c

SHA1
8090e240f528004402b29c11e5072bed79d95384

SHA256
5dc33b6ae31bb0b277f6db3b983e4adf5c509646b574c0630864ef462c6626c3

SHA512
57a61aef5c03e69ee26fc7baf3ae30198b95c28b0d8887e86015683c94ced7cb7e6a5cc310da13bb32d87f81ab33778c412d60f48a4f646e18d17242b609fb10

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4feedmg.dll
MD5
f18d8bcb38dfd1409cf19f3ebd3de3ea

SHA1
2ca2ea6cf1ad1fe87c25d4ab6b1c7729e48c6390

SHA256
090686b394ebf791b262b97249b20083c6a78e6cb04847a3ba643eb64c5ff184

SHA512
b251f89728dda4f7250d39c6875d5362a89076340df34fc04f5d03773c354b0297bce2d9d898c5359339bdba49620fb143d72b5d9a6ce4ef2ab33ddab57e73a7

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4feedmg.dll
MD5
f18d8bcb38dfd1409cf19f3ebd3de3ea

SHA1
2ca2ea6cf1ad1fe87c25d4ab6b1c7729e48c6390

SHA256
090686b394ebf791b262b97249b20083c6a78e6cb04847a3ba643eb64c5ff184

SHA512
b251f89728dda4f7250d39c6875d5362a89076340df34fc04f5d03773c354b0297bce2d9d898c5359339bdba49620fb143d72b5d9a6ce4ef2ab33ddab57e73a7

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll
MD5
72b496621c4268b8a3a922b4a62cb08f

SHA1
de2eb55ff05d07b38012d152642c0336d32e7809

SHA256
e231ef960322118b93d6d039126f8bdff75340250138da3dc6a985f5746a4c0d

SHA512
e7f1527043d05c328bd5ef83c015d8434bed6d458eb6c3350aba4003eb3c8bbeedcd67d602f0aec73dd03d38ade580311ab895de279b9a9dd262ac8ec05e1156

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4html.dll
MD5
72b496621c4268b8a3a922b4a62cb08f

SHA1
de2eb55ff05d07b38012d152642c0336d32e7809

SHA256
e231ef960322118b93d6d039126f8bdff75340250138da3dc6a985f5746a4c0d

SHA512
e7f1527043d05c328bd5ef83c015d8434bed6d458eb6c3350aba4003eb3c8bbeedcd67d602f0aec73dd03d38ade580311ab895de279b9a9dd262ac8ec05e1156

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4htmlmu.dll
MD5
568c1f7d72e5eeddc97b05fb3e786ccf

SHA1
53f3044159ffcf82c746898941dbe3dc2ac9a24c

SHA256
264e123877da29452933488131e025c7c78abcf4390e09daa4c9530133f8c4a0

SHA512
aa2ec24caee713882663762bdefb8e54a43da53bc6f43f6e8af46461a32425de4e5aa52c0b2ec994df7565553f7100c89f87c745934f9f97be29d81f6490b9f2

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4htmlmu.dll
MD5
568c1f7d72e5eeddc97b05fb3e786ccf

SHA1
53f3044159ffcf82c746898941dbe3dc2ac9a24c

SHA256
264e123877da29452933488131e025c7c78abcf4390e09daa4c9530133f8c4a0

SHA512
aa2ec24caee713882663762bdefb8e54a43da53bc6f43f6e8af46461a32425de4e5aa52c0b2ec994df7565553f7100c89f87c745934f9f97be29d81f6490b9f2

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4httpct.dll
MD5
6df45cd8b40014f94f1a949fb96d3284

SHA1
978867b422339e68971e56c49c66f14f2acd745d

SHA256
c7a2447a749292e6aa3a8db104b46058af0f044ee376d6ca49a3764955d9b6b1

SHA512
aacbf2c8cf9e06d94b622762d33d2f8614410589ef8f0e02b87006e74c7c0dddab1ebd9e6018b6857b34ffcf5100b896c2bf06067e3bde659972ef966a64d996

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4httpct.dll
MD5
6df45cd8b40014f94f1a949fb96d3284

SHA1
978867b422339e68971e56c49c66f14f2acd745d

SHA256
c7a2447a749292e6aa3a8db104b46058af0f044ee376d6ca49a3764955d9b6b1

SHA512
aacbf2c8cf9e06d94b622762d33d2f8614410589ef8f0e02b87006e74c7c0dddab1ebd9e6018b6857b34ffcf5100b896c2bf06067e3bde659972ef966a64d996

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll
MD5
121fe87b463651d75c9bff704883c978

SHA1
dc971c75ffce77cc952fb6660a2603e09d62d4d9

SHA256
120b46557864c807dde6be7c0c1e71a2110d784a242dc79159945669d920fdb6

SHA512
75337eb17c5db5276ecdc789e8e075376c18941047358e0946dc710580a5bbf2bf122d0c443e02e04f908bad18b5eb31c84b4e29a0676886af51d754b3bf1520

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4idle.dll
MD5
121fe87b463651d75c9bff704883c978

SHA1
dc971c75ffce77cc952fb6660a2603e09d62d4d9

SHA256
120b46557864c807dde6be7c0c1e71a2110d784a242dc79159945669d920fdb6

SHA512
75337eb17c5db5276ecdc789e8e075376c18941047358e0946dc710580a5bbf2bf122d0c443e02e04f908bad18b5eb31c84b4e29a0676886af51d754b3bf1520

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4ieovr.dll
MD5
b315203e6d9995156946194516cf5332

SHA1
92ac05fff3ad68271062a3dcb87e12ee6b816ddb

SHA256
aa30c65ee96701116138ebae7d1f0e831452a749f1f9724232a03e660ef13f51

SHA512
83d897c787d37804dee112dac89c51066969c59b77080404da0c2f0cd36db478f0eed31f127bc1e636ce3ce4ca4b96a2fc8a4aa62d2da52336fff8d33762ce5d

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4mlbtn.dll
MD5
896943b4b92b7e3f406844674f629076

SHA1
3eb4a6a25199e6339ec04f36189c71738de63ce7

SHA256
f8274d77f804ad805806d531e940956d096f75c6b6b17f34a753f1cbce6c1632

SHA512
35a39b00cf7e0da8b151a6261f833f12e442107157602d0a8cf991a424978158177203b79290f4b0ad8e6d0fee70e4655980727c3db3f26b249c49d98afa7e71

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4msg.dll
MD5
92aad41d2e12e797af52d4bcd75cbed7

SHA1
dfd07b722e317d1cddaab7d5b31bfab57cc5e739

SHA256
a2122cc682e9155708a0a8c12d1e0935231c82a30f4ec1afe0245d8ea4c7e7f6

SHA512
b005d8ed9d9413914a7c3b28277ab7b126843dcf2a4ca28e58c8e5cdb942d11384deb69cd7ecd5bb7d6ac9f5d593de36a5ded07bc8dc68f0b833ae3110276397

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4radio.dll
MD5
4876e787ed8d945838235f8cfe079d05

SHA1
77c8dc985373b1e5d9035ecb3a831c7dd1abfd55

SHA256
97b3a0272aa17e018d91d235cf5e21882a626bfc0ece264a699c25c2999bb9fc

SHA512
dc920a2ad55acc725ee362bab710f50e8edc92729bcc6c1793471e9fef17352218c9680e132ddea95dbe16415c6c2c18cd00b0f52b1c3143395fff8e681e7ac4

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regfft.dll
MD5
5de55f0f8967fdb31ee5b259a5aba975

SHA1
c5f26031d5e0c487bff0d60aa44603135bf60395

SHA256
159ffbb40567e8ebbcb29a24fa76bad6f1af81f5ec45a75cc5875dcdb5a78e4b

SHA512
72320cec163ee236569a7f747e4aa819a81796f7de13feccd553477546223ca706e67f2554f724b240b1445753129d476485bd2b8e57d413877467437c684028

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4reghk.dll
MD5
d6fe3862a778c97c518bf466407cab7d

SHA1
c9c4aae19a349c578399bac5a5d780ed8be3ab00

SHA256
c6ab034a50ee2d7dbefab002144bfb63387d3b5c4aecb802a2824480d78d94e3

SHA512
493bb820f741d5afa1f6590912b859b4d8945bcf5afeb6ae0e5135342abe6ef78255734526311249607f10613b5c51ff5fe5460d57581a4d600b48159590564d

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4regiet.dll
MD5
a4c73c71941826db74af6598336eda99

SHA1
65d604a070334183e5034cdeec5838e46d705794

SHA256
64fa4044c2e8657b84eea6de847254731f20c010eed16bce9e82201dad825c13

SHA512
a8471104d239709c039a56f1aefb0f9004c1b038df3bf830e125a1efbcab5fbe2e77e19d4d78fee50c8357c192dc27e67957cb951225a01907a6322591efe6c4

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4script.dll
MD5
2c0327baa4c4e39bc839fcaeb7156dd2

SHA1
72e48f7f37e208a52ad975eaecab29fc50223c27

SHA256
5b1fe0d4b92c46a303e112763b926c978d5a60462f72327aa4655d7663507652

SHA512
9b2b3e90fdfc5067e3d3f5c13d60103eb036f9e3ba8cce990fb97a17a4668b9033ce823793f03fb39070b140d0e3d1956000d0b339735e938dba40b95c566034

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4skin.dll
MD5
00fbbb2b564dd1f2f54ed0810a08b8d9

SHA1
857980a7b7ab77ff8e34a090ccd76b8ba628e7e4

SHA256
5925099be414f4f006fdbbac9d46b50d2c25e97410e9f1bd931e13ec586cd669

SHA512
13b6e9965fdfe4ec390b5d9146303d34e12dc0e23f85202a0954345cdb83d9d004a98eaf45dd4fb0cfd684546d483b7a23e7dbc63f64df506dd7b5bbc5ed4547

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4sknlcr.dll
MD5
4d660347c844a8bf9ee0fbe4a086bd54

SHA1
496310ee0816b49176e03226db102fae9aa452b4

SHA256
561bd2c1ead9313dc75693b36b8741108113186494c153ede8ae2dfd490b2a7b

SHA512
4c20bf2979083dd55565d866caddd3cb4f7fdc8b606f905698476a96cbd9f2d974b4f0c00ad6c38cd61e3b54e249356c1622384a6753818bbdb3249e0ce33483

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4tpinst.dll
MD5
0a15ebebda5dc52a95279efab3b98e2a

SHA1
41d9d722e583cbeb3da15061be203c4428e6ef60

SHA256
fb71b4792e7dc01eb9052538c5b7b1d4e6b6f6c3ff04b3b1716d44a7b1c6c2b9

SHA512
26fac031c1177680874f142d8607469ed358ae3c3e1c83a280274da72c9713627797a0d1d4e9696db439e86b76b0fff298caa42257ae02b9c749057869e558bc

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4tpinst.dll
MD5
0a15ebebda5dc52a95279efab3b98e2a

SHA1
41d9d722e583cbeb3da15061be203c4428e6ef60

SHA256
fb71b4792e7dc01eb9052538c5b7b1d4e6b6f6c3ff04b3b1716d44a7b1c6c2b9

SHA512
26fac031c1177680874f142d8607469ed358ae3c3e1c83a280274da72c9713627797a0d1d4e9696db439e86b76b0fff298caa42257ae02b9c749057869e558bc

Download Submit
\Program Files (x86)\DictionaryBoss\bar\1.bin\v4uabtn.dll
MD5
6335d76eb910f4ae1fc616b208c7c300

SHA1
110033f4a78dca521e8ba73f75747e4e3b6ae545

SHA256
54fa5362ab82e7b7d631c48b7931ca50efeac29e2bfbbea30619f8f6be3b45e3

SHA512
60fef65b4fe22ca617d4b5bf7bf3bb3ba44190437666889f26c4e65244b423b97681fcc44d11606ffdc4ccd71b598f096c7b08de07ecf1c82ac0a617963c5ec7

Download Submit
memory/1040-119-0x0000000000000000-mapping.dmp

Download
memory/1212-123-0x0000000000000000-mapping.dmp

Download
memory/1532-128-0x0000000000000000-mapping.dmp

Download
memory/2212-162-0x0000000000000000-mapping.dmp

Download
memory/2784-132-0x0000000000000000-mapping.dmp

Download
memory/2784-142-0x00000000001E1000-0x00000000001E3000-memory.dmp

Filesize
8KB

Download
memory/2980-174-0x0000000000000000-mapping.dmp

Download