4cd2920c8c741ccbf40c29ff706e6798c4d0afd6b3202b6b85fbe851172114b5

Analysis

max time kernel
133s
max time network
134s
platform
windows10_x64
resource
win10-en-20211014
submitted
20-10-2021 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

531KB
MD5

3c8978cc4c32a700553ed39c6091a0a2
SHA1

d0443973ea5333d3fd8791a83aae83af20623533
SHA256

4cd2920c8c741ccbf40c29ff706e6798c4d0afd6b3202b6b85fbe851172114b5
SHA512

3a6d39dab2dea45e53de3475c60732483b2d6831a0de6235faa3517414c79a92741f9b56040ed6e31e088d689b158f93cc5d7e47ced1fb00a2e681c502240ce2

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing
Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs

Processes:

WerFault.exeWerFault.exe

description pid process target process

PID 1748 created 3632 1748 WerFault.exe L2Branch3.exe
PID 3600 created 3696 3600 WerFault.exe L2Branch3.exe
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

L2Branch3.exeL2Branch3.exe

pid process

3632 L2Branch3.exe
3696 L2Branch3.exe

description	pid	process	target process
PID 1748 created 3632	1748	WerFault.exe	L2Branch3.exe
PID 3600 created 3696	3600	WerFault.exe	L2Branch3.exe

Loads dropped DLL 28 IoCs

Processes:

L2Branch3.exeL2Branch3.exe

pid	process
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3632	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
3696	L2Branch3.exe

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2124	3632	WerFault.exe	L2Branch3.exe
1748	3632	WerFault.exe	L2Branch3.exe
2196	3696	WerFault.exe	L2Branch3.exe
3600	3696	WerFault.exe	L2Branch3.exe

Modifies registry class 64 IoCs

Processes:

dfsvc.exeL2Branch3.exeL2Branch3.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\l2br..tion_98d02ad2f10d89fe_0001.0015_67bd4716d28d0caf\reference!S_{3f471841-eef2-47d6-89c0-d028f03a4ad5}	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2.t..zers_none_0008.000a_none_d1e542ff8d7a1c77	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xcee..rols_ba83ff368b7563c6_0003.0004_none_fe04135a7fd5c993	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Families\Gi_l2br..tion_98d02ad2f10d89fe_86e72942a5481572\LastRunVersion = 68747470733a2f2f6f726967696e2d7765622e696e7374616c6c2e6c326465616c65722e636f6d2f436c69636b2f4c324272616e6368332f4c324272616e6368332e6170706c69636174696f6e234c324272616e6368332e6170706c69636174696f6e2c2056657273696f6e3d312e32312e313032302e342c2043756c747572653d656e2d47422c205075626c69634b6579546f6b656e3d393864303261643266313064383966652c2070726f636573736f724172636869746563747572653d7838362f4c324272616e6368332e6578652c2056657273696f6e3d312e32312e313032302e342c2043756c747572653d656e2d47422c205075626c69634b6579546f6b656e3d393864303261643266313064383966652c2070726f636573736f724172636869746563747572653d7838362c20747970653d77696e3332	L2Branch3.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xcee..tors_ba83ff368b7563c6_0002.0003_none_98cf679bc9008bd0	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2.d..ewer_none_0009.0007_none_781e6ff16d583b9e	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\sync..core_632609b4d040f6b4_0006.0066_none_f52af34dcf601e94\lock!380000004e09770f300e0000540c00000000000000000000 = 30303030306533302c30316437633564623561656533623233	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager\Applications\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\HasRunBefore = 01	L2Branch3.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\sync..dows_3d67ed1f87d44c89_0006.0066_none_3930442d5d43e73d\SizeOfStronglyNamedComponent = 9cc6180000000000	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..tors_ba83ff368b7563c6_0002.0003_none_98cf679bc9008bd0\SizeOfStronglyNamedComponent = f3f4070000000000	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\sync..dows_3d67ed1f87d44c89_0006.0066_none_6fadffcc09cf61c1	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\sync..base_3d67ed1f87d44c89_0006.0066_none_c56a84a8c90a78a8\Files\Syncfusion.Shared.Base.dll_7f8d1d3ac74d5cd = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\deve..20.1_b88d1754d700e49a_0014.0001_none_abbdd6ff2414b16d	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\inte..elib_none_0001.0000_none_19283f38d9b250d9	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..20.1_b88d1754d700e49a_0014.0001_none_06f461c491faaf4c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..rols_ba83ff368b7563c6_0003.0004_none_fe04135a7fd5c993\Files\Xceed.SmartUI.Controls.dll_960dce82b917d55 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\axin..ocvw_none_0001.0001_none_2556e9fdae44dcdd\ident = 4178496e7465726f702e5348446f6356772c2056657273696f6e3d312e312e302e302c2043756c747572653d6e65757472616c2c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..tyle_ba83ff368b7563c6_0003.0004_none_3f43550b23cf8152\DigestMethod = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xcee..tors_ba83ff368b7563c6_0002.0003_none_98cf679bc9008bd0\lock!5a000000570a770f300e0000540c00000000000000000000 = 30303030306533302c30316437633564623561656533623233	L2Branch3.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\log4net_1b44e1d426115821_0001.0002_none_1dbdc385b5af585e	L2Branch3.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xceed.ui_ba83ff368b7563c6_0001.0002_none_9aa2270b6e9b907c	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_67bd4716d28d0caf\l2br...exe_98d02ad2f10d89fe_0001.0015_en-gb_037f99e4f = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br...exe_98d02ad2f10d89fe_0001.0015_en-gb_037f99e4f2fe3b82\Files\Cef\locales\en-US.pak_b9109b69956d71a3 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\sync..dows_3d67ed1f87d44c89_0006.0066_none_36cc510fcd = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\deve..20.1_b88d1754d700e49a_0014.0001_none_abbdd6ff24	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\sync..dows_3d67ed1f87d44c89_0006.0066_none_6fadffcc09cf61c1	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..20.1_b88d1754d700e49a_0014.0001_none_20441813ad5db448\lock!56000000dd69770f38060000d00200000000000000000000 = 30303030303633382c30316437633834373732356361366632	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_en-gb_a8d91bbb5f65a747\SizeOfStronglyNamedComponent = c274000000000000	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2me..rary_none_0009.0007_none_24f8f1c115697e0c\Files	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\deve..20.1_b88d1754d700e49a_0014.0001_none_9a5b1395cb = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2.w..zers_none_0008.0008_none_debb21ca350c396e\Files = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\newt..json_30ad4fe6b2a6aeed_0004.0005_none_8f380177a126b8c7\lock!64000000570a770f300e0000540c00000000000000000000 = 30303030306533302c30316437633564623561656533623233	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..tors_ba83ff368b7563c6_0002.0003_none_98cf679bc9008bd0\identity = 58636565642e456469746f72732c2056657273696f6e3d322e332e373332362e31343133302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d424138334646333638423735363343362c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..20.1_b88d1754d700e49a_0014.0001_none_080fc2b8778aa0cc\implication!l2br..tion_98d02ad2f10d89fe_0001.0015_67b = 68747470733a2f2f6f726967696e2d7765622e696e7374616c6c2e6c326465616c65722e636f6d2f436c69636b2f4c324272616e6368332f4c324272616e6368332e6170706c69636174696f6e234c324272616e6368332e6170706c69636174696f6e2c2056657273696f6e3d312e32312e313032302e342c2043756c747572653d656e2d47422c205075626c69634b6579546f6b656e3d393864303261643266313064383966652c2070726f636573736f724172636869746563747572653d783836	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..20.1_b88d1754d700e49a_0014.0001_none_20441813ad5db448\lock!120000000101770f38060000cc0e00000000000000000000 = 30303030303633382c30316437633834373732356361366632	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\sync..base_3d67ed1f87d44c89_0006.0066_none_17d978773b88244d\lock!1e000000446b770f700e0000e00d00000000000000000000 = 30303030306537302c30316437633564623661636236373263	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\deve..20.1_b88d1754d700e49a_0014.0001_none_9a5b1395cb414805\SizeOfStronglyNamedComponent = 4f43060000000000	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2logon_none_0008.000a_none_d3d9a35c18d258e5\Files	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xcee..tion_ba83ff368b7563c6_0001.0001_none_42002c78d88c035c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br...exe_98d02ad2f10d89fe_0001.0015_en-gb_037f99e4f2fe3b82\Files\Cef\locales\zh-TW.pak_63308bed159a06e1 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br...exe_98d02ad2f10d89fe_0001.0015_en-gb_037f99e4f2fe3b82\Files\Connection_Test.xml_a0cdf2ac194aa010 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xceed.grid_ba83ff368b7563c6_0003.0006_none_bb5d0a816227c55e\DigestValue = 98a69dfb487a02ac9bd1c2a3ef8613ac5f109584	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\axin..ocvw_none_0001.0001_none_2556e9fdae44dcdd	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..tyle_ba83ff368b7563c6_0003.0004_none_3f43550b23cf8152\SizeOfStronglyNamedComponent = 6492030000000000	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\VisibilityRoots	L2Branch3.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xcee..rols_ba83ff368b7563c6_0003.0004_none_fe04135a7fd5c993	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..tyle_ba83ff368b7563c6_0003.0004_none_3f43550b23cf8152\Files	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2.config_none_0008.000a_none_3b3301c1482ac923\Files\ = 01	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion	L2Branch3.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..20.1_b88d1754d700e49a_0014.0001_none_89d74d358c3cbf78	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..20.1_b88d1754d700e49a_0014.0001_none_080fc2b8778aa0cc\lock!16000000446b770f700e0000e00d00000000000000000000 = 30303030306537302c30316437633564623661636236373263	L2Branch3.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..tors_ba83ff368b7563c6_0002.0003_none_98cf679bc9008bd0	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2logon_none_0008.000a_none_d3d9a35c18d258e5\Files\L2 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xcee..tyle_ba83ff368b7563c6_0003.0004_none_3f43550b23cf8152\lock!3e0000000101770f38060000cc0e00000000000000000000 = 30303030303633382c30316437633834373732356361366632	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\xcee..rtui_ba83ff368b7563c6_0003.0004_none_51cf789da45ab97d\lock!6a000000570a770f300e0000540c00000000000000000000 = 30303030306533302c30316437633564623561656533623233	L2Branch3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br...exe_98d02ad2f10d89fe_0001.0015_en-gb_037f99e4f2fe3b82\Files\x86\SQLite.Interop.dll_10ad318f9aef1167 = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\sync..core_632609b4d040f6b4_0006.0066_none_f52af34dcf601e94\DigestMethod = 01	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..20.1_b88d1754d700e49a_0014.0001_none_9a5b1395cb414805\lock!0c0000000101770f38060000cc0e00000000000000000000 = 30303030303633382c30316437633834373732356361366632	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xcee..tion_ba83ff368b7563c6_0001.0001_none_42002c78d88c035c\DigestValue = 557189fde792aedb43b7ced518144bebcd8f3585	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\xceed.grid_ba83ff368b7563c6_0003.0006_none_bb5d0a816227c55e\identity = 58636565642e477269642c2056657273696f6e3d332e362e373332362e31343133302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d424138334646333638423735363343362c2070726f636573736f724172636869746563747572653d6d73696c	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\newt..json_30ad4fe6b2a6aeed_0004.0005_none_8f380177a126b8c7\lock!68000000dd69770f38060000d00200000000000000000000 = 30303030303633382c30316437633834373732356361366632	dfsvc.exe
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Marks\deve..core_b88d1754d700e49a_0014.0001_none_de761f53f68c6159	dfsvc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\sync..base_3d67ed1f87d44c89_0006.0066_none_17d978773b = 01	dfsvc.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	setup.exe

NTFS ADS 2 IoCs

Processes:

dfsvc.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe\:Zone.Identifier:$DATA	dfsvc.exe
File created	C:\Users\Admin\AppData\Local\Temp\Deployment\JJZ9N3OE.A09\6CL3XKRW.73X\L2Branch3.exe:Zone.Identifier	dfsvc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

L2Branch3.exeWerFault.exeWerFault.exeL2Branch3.exeWerFault.exeWerFault.exe

pid	process
3632	L2Branch3.exe
3632	L2Branch3.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
3696	L2Branch3.exe
3696	L2Branch3.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe
3600	WerFault.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

dfsvc.exeL2Branch3.exeWerFault.exeWerFault.exeL2Branch3.exeWerFault.exeWerFault.exe

description	pid	process
Token: SeDebugPrivilege	1592	dfsvc.exe
Token: SeDebugPrivilege	3632	L2Branch3.exe
Token: SeRestorePrivilege	2124	WerFault.exe
Token: SeBackupPrivilege	2124	WerFault.exe
Token: SeDebugPrivilege	2124	WerFault.exe
Token: SeDebugPrivilege	1748	WerFault.exe
Token: SeDebugPrivilege	3696	L2Branch3.exe
Token: SeDebugPrivilege	2196	WerFault.exe
Token: SeDebugPrivilege	3600	WerFault.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

dfsvc.exe

pid process

1592 dfsvc.exe

pid	process
1592	dfsvc.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

setup.exedfsvc.exe

description	pid	process	target process
PID 2536 wrote to memory of 1592	2536	setup.exe	dfsvc.exe
PID 2536 wrote to memory of 1592	2536	setup.exe	dfsvc.exe
PID 1592 wrote to memory of 3632	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3632	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3632	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3632	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3632	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3696	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3696	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3696	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3696	1592	dfsvc.exe	L2Branch3.exe
PID 1592 wrote to memory of 3696	1592	dfsvc.exe	L2Branch3.exe

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2536

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
2⤵
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1592

C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe
"C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 1376
4⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 1372
4⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1748

C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe
"C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 1348
4⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 1348
4⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3600

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbShortcut C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IG INDEX\L2Branch3.appref-ms|
1⤵
PID:2704

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\GeneralFunctionLibrary.dll
MD5
ca3944bbb2d9aa4661251826620128b6

SHA1
5fad2242e5ba91eec1d0b2e73bddaf7c5b3ad1a2

SHA256
923d0c89be12f58098a22b688d3d11f12365bc57aec0cb083fd7a55a90e3047d

SHA512
f4aec6f1b95fc2681355267cc162a78afbd45120c19d7c1c83cc2deb55cc7625ba049d22a4a73de1ec7b3007eb425013f23ebba21a4fa481e166dd5ebcc083c5

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\Interop.SECOMCONTROLBLUELib.dll
MD5
48f377ebdded883df1962590f59fa0e0

SHA1
712434a09eb10f8511f1f86a916b3d8e8b09c68b

SHA256
e55439b7e5b6cdbcfd94ec0abd73498d6295176bd7f4e199a23affad8a9d303e

SHA512
4d54ee14f6695a78f9b0395db2d18b45ad3894dbd59b7a1059651154263b6b4edc64a141a1d792453ff4dc92feccf827c102522b151ca0f047bf64b7187449e2

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe
MD5
c70745aeca6eae577487382fdf05caae

SHA1
b55aad05a57c9723be703f91b0de7c4a24e95011

SHA256
8d2b0c034f5f7d136cd924f61040afe6be21473836b88f6ce325da6e28d8f716

SHA512
b1f7356e7d168155c4af8a44984f87b9fc76e735b01de8af74444ee5c241811738e0b0eaf6a4cc592e508f834de05eb88924c3c5905138bbb5f984f56d5ac186

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe
MD5
c70745aeca6eae577487382fdf05caae

SHA1
b55aad05a57c9723be703f91b0de7c4a24e95011

SHA256
8d2b0c034f5f7d136cd924f61040afe6be21473836b88f6ce325da6e28d8f716

SHA512
b1f7356e7d168155c4af8a44984f87b9fc76e735b01de8af74444ee5c241811738e0b0eaf6a4cc592e508f834de05eb88924c3c5905138bbb5f984f56d5ac186

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe
MD5
c70745aeca6eae577487382fdf05caae

SHA1
b55aad05a57c9723be703f91b0de7c4a24e95011

SHA256
8d2b0c034f5f7d136cd924f61040afe6be21473836b88f6ce325da6e28d8f716

SHA512
b1f7356e7d168155c4af8a44984f87b9fc76e735b01de8af74444ee5c241811738e0b0eaf6a4cc592e508f834de05eb88924c3c5905138bbb5f984f56d5ac186

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Branch3.exe.config
MD5
923a7d920d6ae9a9e567da48338e1c95

SHA1
10eb1b2421b4332d9e334958e84b3b0ae27d397c

SHA256
c81cd055507439a1cb41bfe697763f8f5ca1a9182312faae27ebf2e52d38eeca

SHA512
2651b33c5ec788806177b83166019ff93dea0adf68e3331e7613671c20d66aac29138dd607941ae6b582f32dc33176c71590ad4352a872f264f3dfcb351aa3d2

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2BusinessLibrary.dll
MD5
a150589980ce6c6c69a70e6003e2b7a5

SHA1
65cf8f9f53c7786764c96f1916b682545491c10b

SHA256
ad5570673db3622f0f43bd5593fc8174c47e614925948696ad4184794cf8661a

SHA512
b05f0ea633f6f409c73e31c367e1519839a0fe36a5645305d1dfd66ee74d13fc0ee48133fd894dd337b69bf7bf3be909b9ec9c62236ea7c1089f67a0fdb49fd8

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2CommonControls.dll
MD5
585efc65460c35a72d8e1894749a9337

SHA1
c0bc678b7aaf7fe9c4b1207cd785d4c6be9e0676

SHA256
f5aa8377b8479f4d29ceea50a9770425e469dffff31845fd10f704151cbe8d4a

SHA512
27c5b54589f6136026693e8111cd24b7286965a64d6d63d1dc213edf593d656eceba37aec4db40ea01066341dcdaffba30a1039c49a9c5530807fb5bec9b2659

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Logon.exe
MD5
c471fc25a5338247f65e2064a17b3bbe

SHA1
ce97c6791f09eb616de7336e84f902e53a937b74

SHA256
110e97de8123970883320b43e6e6ddeedf8172283379963070213f9a9c2350a8

SHA512
a07a83dba58fb8810c4c7b2002f5964374489a3580b4a12abb6c1f6f5beef4185df2ef4c5bb7105c075ef792e61b4288441da9a84db1c001aefd2c113e7c6b4c

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2MessagingLibrary.dll
MD5
bc0c3a34e793367799ef020cb1ac59cb

SHA1
78fada1b3af10c9d0a636dcd4a1285380fc2f424

SHA256
3f4357c63d829c6bdc52964388708918c2d1555b5201ffac30b9ffba104782af

SHA512
3e49ce99c4c4ce553259909f72542dde2981983e4b2b8ca7d234020eab75ece8df56ef5c29f124197fe708f8b9013679658a263aaf722922a8381a8f7ed372a9

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\log4net.dll
MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_06f461c491faaf4c.cdf-ms
MD5
131b9b5ea0a1e825bc1df1c5db66fa5e

SHA1
6f74f993273c405c9bf5b8da62f773ea4ce35313

SHA256
fcbabf7c83231d74177c4ddb3a355bbe7821b91dd4930ab0dec2b9f972c7f0c4

SHA512
a83eabe58015f9c9a27dd2b3362577d0fad731ac862c3cea5c4a5c31478f0daf4e830a58905bb6317a81f801360d08c5d418ff5ebd651c1854435d726c2a9554

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_080fc2b8778aa0cc.cdf-ms
MD5
7c38967394edfab3c10594746c939124

SHA1
afaa27dc3c8693b4eb4389780870f0936e60a85c

SHA256
088267f1c074df79d4bae751169d32174717b35f539aa8baf84c088c61d13d7c

SHA512
abf5b160f5dc95aad0cefe695283dfdd0c0d57860e0599403dbc1b206b268baae88c2f1a0df41df088f9400d6124f9ca43b5025f6965f7a75653483f602b920b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_20441813ad5db448.cdf-ms
MD5
f596f47ae272b3058aefd4e47a796c10

SHA1
53043d96e7fa6f04075e698a4f71a04ee3e8ee4b

SHA256
8ca24053efc0c2e0f8fa7faa22d6f31514db96e5a340cedf122b1354f6b609d2

SHA512
1f98ed4f1ebb6cc8d7eb9c9abab60374986e440e951ffdbe08b51de1f6540989914565ec3201ac56413607892423ed9d83a0d6a234b7d0da899e95151f6d2a5f

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_443c8eed6b67a40a.cdf-ms
MD5
248281c892dc2054f2fa2ebe29f298d9

SHA1
aef245244fe07b02d99825e7e1271d069a6adb22

SHA256
089bf3f35a51d1ac986ef718d8bd7bfd35f5341c692e67b35361c0d8df9b35ef

SHA512
3b424f15a946dd696e9db07cc6527c79ab802b450049339e8abf890a0ecb2227fb3cf4efa6b31b09709672f0aaed8e737f9cb6a274a05babc1ac5d6c41c4b6b5

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_89d74d358c3cbf78.cdf-ms
MD5
bc1a968aad13153546725af8de177bca

SHA1
ead4efc2aa0574f5664d4b36a3b04fba4f7b0db4

SHA256
7f2c502c85ccd814fb055ad2ecbbcb2f891de2b077cd501b0bd463925e018b1e

SHA512
cffbd46c3e33df12a0838ebad52f6110c8debac2a01832cc9baa80c2fcdc89e9b8ed9b8f68a32eb0324d197902c879e1673ed540b802545a359080f0996c9a28

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_9a5b1395cb414805.cdf-ms
MD5
46bb0f12998a601a26475569d890d680

SHA1
916d57e52952ebea36746d3b60cead34fea4695c

SHA256
debe7bd66a53ff1d713afee0f0a522cf30dfa85c362faef4bacb9016d3a9960e

SHA512
9ff54ba7eb0e557a9e2b4f5e01eba7c52d84189580da4601a872b4ccaf2d004d617a74659f69e19b79e723f1508e4543442ffa4de608ad4a7715e149cfec1487

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_a1c54acd6dba2fa1.cdf-ms
MD5
3288f9477dd874d7d6a371843f3ca94e

SHA1
f4630db9d4146b5cac4d7564ef58786a33f1cbdc

SHA256
c8a938002b9c51a8329cb0847f5057c68cd33d9c599244d286511d0e6ab1fe5e

SHA512
d6a3b2be52449efef096310471f5c81f9cb8997bce6779443af059e67b05fca863347be8a8205961b49504b5cee2df3b81351ec77213a17fb9bbfeff025e745a

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..20.1_b88d1754d700e49a_0014.0001_none_abbdd6ff2414b16d.cdf-ms
MD5
a345ff4978466e6c02af989414a1bcaa

SHA1
fd1700830c61cdb6c20589806f817a92994d403e

SHA256
59b82b3c6c8b47a22eff8defd5c11859f0b78176633edf6bbbeaca7cc9fa8abf

SHA512
a57e4a99d116bdd3dc65194fbdf9d162261f782e616e5e3a0e04d7f0dc497143a5ad78ad2a3cde79b627a0306edfa929d60fd1bbacac13930cda1d756b268120

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..core_b88d1754d700e49a_0014.0001_none_b5f7bdfbceb15f29.cdf-ms
MD5
b34e91dfce713d7bc971888210a977b3

SHA1
c778fda08b2c7fd9c7e6a992c91e7a3b165a8a73

SHA256
afa62f4f962256e7bfe52eeca8e694a7ea8d7aec51e6078ff616a258220e2bfa

SHA512
b19d257a2e4cf11a34c9910d3b0339bd2073337510504ff0182d014f0823d41a3ea48052663e5a95e99109167a5b785f331f142e4a947835c7281a3f6466372e

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\deve..core_b88d1754d700e49a_0014.0001_none_de761f53f68c6159.cdf-ms
MD5
c242e48679a484686ec56f6186940921

SHA1
c90475aa9960ff5c4a39b4dece345e066168f91a

SHA256
0c039fc456986df5bf522628138b1acf3d6bbc93d58d3d246ea9436977b1fb1c

SHA512
4466142c12f9f6c60d70294d5199052d63b956da02e39dc7bf858f1d1af07eac8e82bdeffc17f5a7344f8bf31db88eda877856d1d269e49e6734ed42596ea8ab

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\l2br...exe_98d02ad2f10d89fe_0001.0015_en-gb_037f99e4f2fe3b82.cdf-ms
MD5
565e6dfa163bebe558bbc1bc99b69bdd

SHA1
ec33c6a150115cd6f169eb84f04d94e1a8531d20

SHA256
5705933f0f8f1f4fa7c440214c212c23b5a09c858feb6706ce6c89e463874798

SHA512
c32fe551eb4b1b46ddf3c0f1f65346c0d05767eafe9cb7bb77c36d027e1ce5f1b7bcab3596096b4694f7ea5a248a9a562a3106f1dbb8ec5bef6005aa42f02482

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\l2br..tion_98d02ad2f10d89fe_0001.0015_en-gb_a8d91bbb5f65a747.cdf-ms
MD5
9dca088600955ef3cd35000ae17640ce

SHA1
3e06ee53db56e283a94bc878abbec9e64fe3b296

SHA256
318dd94507715aa16bc47e30dd678b21582f33b336e9d931c7aab5b2a06c7b12

SHA512
7e47589e5aa43d2fcf2b7a27ca7b908efffd9edeb416143a0935b893041c5120c3b2bad0d83baeb9548c010e7b3ee79fc431d25446c3f4158965ba28a953aa51

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\log4net_1b44e1d426115821_0001.0002_none_1dbdc385b5af585e.cdf-ms
MD5
b1b40c7b8523825f67435228b59893dd

SHA1
0e312b40a3067fcdb0a07af64fc550d635280107

SHA256
3f98a40d355827c4e92136eeacd5b61d69539835b0b3e874394d66e5265e84de

SHA512
d757bc7d30d90a4b12a216c8de4b443453f4a1818b08975a0a16e7d48b6762fff6864ab3472a59dae029c3fed780aa309e4858d3ddf07b74c82a1df3b9be20cd

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\newt..json_30ad4fe6b2a6aeed_0004.0005_none_8f380177a126b8c7.cdf-ms
MD5
24658bedfff0fb05a6515fd0931af930

SHA1
7759f97efcfcc4196eb8f4f27e36745ea259dc4c

SHA256
2c8b9f096d707800f5b11476f6de0216f3d38ec80fae592066e2a69cca24ba46

SHA512
4b7d5bae1395d7ce73bf19c73e73edf4592043081e3c698f8c165c5843080adfa78a1b0a3346f41babe7a8ce258c8bd1feb664bbb8dd69533aa0f6163300efb3

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..base_3d67ed1f87d44c89_0006.0066_none_17d978773b88244d.cdf-ms
MD5
cce79d1e85820bd34a0f77fe021a5ee9

SHA1
f75cf1973274d073c2212b4dbf2315f9bc43f0e6

SHA256
183395ce984612b0455b3aa453205414279c17eb3bc3030094238937a8012651

SHA512
ad02810d35e1c6e191120ed7369e10d214f2c20d2d7b2103f63de41d1cf0122e9beac236999451c6cc8fda221ed0b9c054cb4cf386b9f92011d7cd898ea6dc45

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..base_3d67ed1f87d44c89_0006.0066_none_32cb79b7b0a440a4.cdf-ms
MD5
8f87453d73cc2c33837a2d9250c82f2b

SHA1
061222137bafa8734ea8c1305976017a53189c38

SHA256
2706b79476f418bc943b3e8356024f54ec23b521c023dc6535dcfc5a827c0b74

SHA512
2094618d1ef664c830f51d9dd5f1c1e6e114e23d07b5b23a94455a3b47b2fdccb972f390a9b82f40e7a33cbd89bce9bc05aaad042d9a989eb1573d57cfc6b832

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..base_3d67ed1f87d44c89_0006.0066_none_8e672566535b0d0c.cdf-ms
MD5
07e58459c4394c03f0b57df45fa5e38b

SHA1
8f8b07bc8972d62627aac535f82773034059a68e

SHA256
11eebb6e6f5940672571afda91fafdf2b211d89e6992ee43751b8adc899a486a

SHA512
303bb2b581118f52bab77cab8ad68e00e0d78dc7a7c466b894b1d24fc4ed0679d7888df591c79777ea6c78f1f9c97d1357228a18fe7213d94a153b73cb74ae7a

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..base_3d67ed1f87d44c89_0006.0066_none_9a84de7cec2667b0.cdf-ms
MD5
53391181a5a7114be6ffdc63ba6f96f6

SHA1
4ac6b332d242e7be4208a86629a4bd174a106c6b

SHA256
46ee63f19e9a6ad139f2d593d46976c63fad37588b618a59f585cc709296016b

SHA512
54f1ebacca53da52b85da0fc2e9d419c47e9d664700b1c5247db89c611f8197f38920ee43494b5a16fad3933975032cd3494963c74a9602b7507cba7b942a93b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..base_3d67ed1f87d44c89_0006.0066_none_c56a84a8c90a78a8.cdf-ms
MD5
90cfbb9329e8f050495ef48aee88099f

SHA1
0e14244c4094ddd780300165888734ed0fe4f261

SHA256
1a010b00c402c791511188d9901f3a945403e41eadaab8e442fd70441bffc770

SHA512
cdec10fde195b4f0cf111d06a72edb434d0bb0585889e64b8c4be0a2c4afb684091fbd65c3d5d304dc18d2427e38f541fa5a725dc797c5e392328a5a469a386c

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..base_3d67ed1f87d44c89_0006.0066_none_deca043f2c902cbf.cdf-ms
MD5
014b0868d23a35422039dc1a63b2e48c

SHA1
408deaf3e2a38d3002e329a8f00821e2a479f2a0

SHA256
59c5f53e4e7164f4671e20d4dfe40c8d02bc5c38f5980b7997604d2d0fcbef16

SHA512
eccf7acf52e070ba87ca9b59d3a3b75e430ba3f2f562dfee263ec86c2eca43f89965eaaec1502c8d8a2424320f3b1382703516c99763dcfbe9b5b26f356c1d47

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..core_632609b4d040f6b4_0006.0066_none_f52af34dcf601e94.cdf-ms
MD5
8b0ed342f9f7f734f502a0bf6425f474

SHA1
4348a2c4a338d67a678fa70f1859c05fff921e96

SHA256
b08abefca83c33832d69e6967c6bada8f4eb3c1db7ecdace0fa53f71f12cd433

SHA512
cc03549bf1a7cdd06875c1dadd3b7861d2af8c7ac2fb4f747a700c4642ba86b97ae589d00242db6db80e0917fa4efcd294ce6e60841f5d2f52d1a760d485e223

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..dows_3d67ed1f87d44c89_0006.0066_none_20ba4d9d0d1a1906.cdf-ms
MD5
bb8ec02d4fac63b82a734b7a24296104

SHA1
0b970dbde64c43f4e77abaa101db27df13d622a9

SHA256
5453266150186b7c7f4e8160f7b12620712f6b75d3ebb059712d8d8a34bf429e

SHA512
b97130f67b214bcc950e5fd27838e62ec13e1d8c72a23ce40cda2428f5e38bafb8a9c52b3f1ff1d6b68560873297e2c3ed2c04bee603b2d643063381b874eaf6

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..dows_3d67ed1f87d44c89_0006.0066_none_36cc510fcd0b556e.cdf-ms
MD5
341926da1c5bd6d15a0ae9fa5a7789a7

SHA1
5174565cb651ce398f2d744b24e15705b4a00e8a

SHA256
1ee09267f312400ffccbf9a8abeba28d3b4849cc812c66b4e4fd1171669c8d0b

SHA512
9727188adebd6a2e8dc4394cf21bba416100063cbd39ac865b27e0f2c18b10e007b895b83029c3ed2b3c0dbcd76a59033d9aa181cf8b4919ca1dd164f849c02a

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..dows_3d67ed1f87d44c89_0006.0066_none_3930442d5d43e73d.cdf-ms
MD5
7ace5e873b7108ac05953c94dca61b3a

SHA1
baceb2aea9d4e9ff1925e5e83c33f6cec311e064

SHA256
42ab1eacd18831da6a2b88f6d83e826a3898ee6df723759c2634d4d3bea8ee2e

SHA512
8e7a0d4d822b32c1a30f0f6dafbe25083f5f916bd6c26de4f0390c8459aaf826df7ef9e41cb627a88c9d00fe64ebae08ca2630e1adb836dab265ca382284181e

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\sync..dows_3d67ed1f87d44c89_0006.0066_none_6fadffcc09cf61c1.cdf-ms
MD5
8f89a0a0be052c239a040429ce3d7dd2

SHA1
b208eba11e17de8a1fde623f32b73be7e78574e6

SHA256
1893f16b782972a6c36cbfb6fe1742b70a1c8f2a12f3c0a0be2b8f08ad00a848

SHA512
fcca98b008be5919a5466e490dc92c49dbf06b30b8e0982bbc96fed8593f152a304f670de1a843d11dd23e65524f766b8d154b7224f978340a615d443482694b

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\syst..lite_db937bc2d44ff139_0001.0000_none_6082050d6b135302.cdf-ms
MD5
504b1b80711c612af095246c636fbd37

SHA1
68d9b94e3728ae5eda84dba67e2b38551ec5e5ef

SHA256
ef584f9896d2027564593e221ccfe108fcd7b851399c4f8d4ff4c0669c6024b8

SHA512
a2263c85f98afc771877a1f121c58c1efcc85affdbbea779c8dda1305b1af86b44ad8cdec27e5f744042b5e3a941640297da18e7c32e2b8f57f76fdb55ad9e85

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\xcee..rols_ba83ff368b7563c6_0003.0004_none_fe04135a7fd5c993.cdf-ms
MD5
f03beec1d157610b08f80b4d192874a6

SHA1
6b505fb4628a0b04b0d77117a151ad216ded9696

SHA256
bf2255eb4728f44261f9841fcea46a9c7b31fb490ca872d36d88d877a1796434

SHA512
7b9a31ecb0779a96536b9720f65ca9d6e701734086ea0a8a73e1ac8eeba9f3611100335a7dc5c3818784769729876f29f8047c9ce9db818662768cea697cdfb5

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\xcee..rtui_ba83ff368b7563c6_0003.0004_none_51cf789da45ab97d.cdf-ms
MD5
1cafa1bd2c9ad4c75d317614f0e1f4e0

SHA1
df4011009a1333afffcc9a04539c8990b63cc58f

SHA256
c5e57cc00303414addb37f9fe57619879d7f087180a9eeff2e64b4676dc4ee5a

SHA512
c809a2f2870d5d4e843d05eb3b420097b6a319825f4199cf2801d829edefaa842f0bbbf18a9f9fed9210682404541c95b7525e2c67961b54a2e017b0a0effc69

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\xcee..tion_ba83ff368b7563c6_0001.0001_none_42002c78d88c035c.cdf-ms
MD5
beda9a7e8dd6b341cac469c102780c7d

SHA1
b81d4632545187411da89106d723c69de605a184

SHA256
3c2da87721063c93cf58337e25ce066f2e0f51ebd85380aa53cea91778e31b97

SHA512
7176429f3272c502b007b5f3abe6f9d9d451076a26c7c89ad9c34867941e03eb4d04b834466f627582ba7985906f3011083e4156023739a1a12721b980d60c54

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\xcee..tors_ba83ff368b7563c6_0002.0003_none_98cf679bc9008bd0.cdf-ms
MD5
3791dfd2115f0913978911cf4909279c

SHA1
f777a1d552c36cd65353aa5035670d39192a6d21

SHA256
1a64c4bc6b69bd9f7344f2342b3ece2ccb9b322990cea48237b7b8a6cd3c61aa

SHA512
8c888f309fd0f6b50ffe0e596f8524df72ef3d2759ef842aa04212e93cbb635168bb6cb636cb7567e52f07a47be66cbf25d2d22e0a8d836ad1dc0842a2bfb589

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\xcee..tyle_ba83ff368b7563c6_0003.0004_none_3f43550b23cf8152.cdf-ms
MD5
d63ebf84d47da287f8baa3125e57b1a1

SHA1
ee4f51aa53ed9c0f8e98600f16b0fcdb4d2953ff

SHA256
d3144dbb617bf301d8944c213b7a5b2de1a9715148daeb6f2c7a94d66a52b233

SHA512
b5b4f7e00be3e99d0949bbb82f86616e0b90190800003e516357b3a491531d0be91903ce58fcd167f6dc5a96ca21d0cd61bc881f1eba1ca4796c496cee2325b4

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\xceed.grid_ba83ff368b7563c6_0003.0006_none_bb5d0a816227c55e.cdf-ms
MD5
f4bd72496face8662fbb8913c297d8fd

SHA1
9ee4279b6e75af144b3d3a50348ad3fdca3ac7dc

SHA256
f914a316766d2741a7524218d8a3f77fd9e2c73a323c4184a04773cd3d277ba8

SHA512
89055994cd0b0eddc626812de062471379f223de730eda7cdec74848eb4b01a9c31e2bc54f631897b69f91c5b903514e82ba10abb47efb0f00b343821bffbee8

Download Submit
C:\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\manifests\xceed.ui_ba83ff368b7563c6_0001.0002_none_9aa2270b6e9b907c.cdf-ms
MD5
2c8ff1b6043da1b952f49e0b4f36067c

SHA1
0120a44e8f9f4aa1d7fb260d6b90c3340a27dc47

SHA256
a7d6557deb72ae2516188575f1fa23309789182600608373f13222501b385c56

SHA512
5f6f42a7c077da6f16fbfe7bbea86a85709cba46526660e610aa40c35926cb592b7c2730600b0f3661a40560b8a1c912f42b308e99f52c12a121bb6d9c8c615b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IG INDEX\L2Branch3.appref-ms
MD5
c4e1e272176af5df4f476a693b6cfdad

SHA1
5f5cb4c3aabef365ae2c6ad0f74a14c585d0bbf4

SHA256
567cf5c006139769aadc866392dc15422ea7597549c1a92d0f13baca9907ffd3

SHA512
89b01235abecdce0abf7e6dbbddc52c0f871f1173a5d7c8037fdf59ae70f61f611649390c1b1928cf1ac9c1f8e8afa96226ac309ffcf63c881f12cecb1b70873

Download Submit
\??\c:\users\admin\appdata\local\apps\2.0\j41a3g2w.y5o\g2jbd9px.k46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\l2branch3.exe.Manifest
MD5
725a559464d48f392b12f58d1cda054d

SHA1
912be123b384d3673799d3cf178f39e426f3e301

SHA256
9f449f4d7afee196d688d8a1f460c4e32dc70519e4e1cd1064e07a677eff9242

SHA512
c932c2f132985897809d83f340ad95e8c05e2b053badb69193c62d22d42cf55d441164a53642c238875a5a761ce00a1e51892f64f88faf011fb6adce3a8d149a

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\GeneralFunctionLibrary.dll
MD5
ca3944bbb2d9aa4661251826620128b6

SHA1
5fad2242e5ba91eec1d0b2e73bddaf7c5b3ad1a2

SHA256
923d0c89be12f58098a22b688d3d11f12365bc57aec0cb083fd7a55a90e3047d

SHA512
f4aec6f1b95fc2681355267cc162a78afbd45120c19d7c1c83cc2deb55cc7625ba049d22a4a73de1ec7b3007eb425013f23ebba21a4fa481e166dd5ebcc083c5

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\GeneralFunctionLibrary.dll
MD5
ca3944bbb2d9aa4661251826620128b6

SHA1
5fad2242e5ba91eec1d0b2e73bddaf7c5b3ad1a2

SHA256
923d0c89be12f58098a22b688d3d11f12365bc57aec0cb083fd7a55a90e3047d

SHA512
f4aec6f1b95fc2681355267cc162a78afbd45120c19d7c1c83cc2deb55cc7625ba049d22a4a73de1ec7b3007eb425013f23ebba21a4fa481e166dd5ebcc083c5

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\GeneralFunctionLibrary.dll
MD5
ca3944bbb2d9aa4661251826620128b6

SHA1
5fad2242e5ba91eec1d0b2e73bddaf7c5b3ad1a2

SHA256
923d0c89be12f58098a22b688d3d11f12365bc57aec0cb083fd7a55a90e3047d

SHA512
f4aec6f1b95fc2681355267cc162a78afbd45120c19d7c1c83cc2deb55cc7625ba049d22a4a73de1ec7b3007eb425013f23ebba21a4fa481e166dd5ebcc083c5

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\GeneralFunctionLibrary.dll
MD5
ca3944bbb2d9aa4661251826620128b6

SHA1
5fad2242e5ba91eec1d0b2e73bddaf7c5b3ad1a2

SHA256
923d0c89be12f58098a22b688d3d11f12365bc57aec0cb083fd7a55a90e3047d

SHA512
f4aec6f1b95fc2681355267cc162a78afbd45120c19d7c1c83cc2deb55cc7625ba049d22a4a73de1ec7b3007eb425013f23ebba21a4fa481e166dd5ebcc083c5

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\Interop.SECOMCONTROLBLUELib.dll
MD5
48f377ebdded883df1962590f59fa0e0

SHA1
712434a09eb10f8511f1f86a916b3d8e8b09c68b

SHA256
e55439b7e5b6cdbcfd94ec0abd73498d6295176bd7f4e199a23affad8a9d303e

SHA512
4d54ee14f6695a78f9b0395db2d18b45ad3894dbd59b7a1059651154263b6b4edc64a141a1d792453ff4dc92feccf827c102522b151ca0f047bf64b7187449e2

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\Interop.SECOMCONTROLBLUELib.dll
MD5
48f377ebdded883df1962590f59fa0e0

SHA1
712434a09eb10f8511f1f86a916b3d8e8b09c68b

SHA256
e55439b7e5b6cdbcfd94ec0abd73498d6295176bd7f4e199a23affad8a9d303e

SHA512
4d54ee14f6695a78f9b0395db2d18b45ad3894dbd59b7a1059651154263b6b4edc64a141a1d792453ff4dc92feccf827c102522b151ca0f047bf64b7187449e2

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2BusinessLibrary.dll
MD5
a150589980ce6c6c69a70e6003e2b7a5

SHA1
65cf8f9f53c7786764c96f1916b682545491c10b

SHA256
ad5570673db3622f0f43bd5593fc8174c47e614925948696ad4184794cf8661a

SHA512
b05f0ea633f6f409c73e31c367e1519839a0fe36a5645305d1dfd66ee74d13fc0ee48133fd894dd337b69bf7bf3be909b9ec9c62236ea7c1089f67a0fdb49fd8

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2BusinessLibrary.dll
MD5
a150589980ce6c6c69a70e6003e2b7a5

SHA1
65cf8f9f53c7786764c96f1916b682545491c10b

SHA256
ad5570673db3622f0f43bd5593fc8174c47e614925948696ad4184794cf8661a

SHA512
b05f0ea633f6f409c73e31c367e1519839a0fe36a5645305d1dfd66ee74d13fc0ee48133fd894dd337b69bf7bf3be909b9ec9c62236ea7c1089f67a0fdb49fd8

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2CommonControls.dll
MD5
585efc65460c35a72d8e1894749a9337

SHA1
c0bc678b7aaf7fe9c4b1207cd785d4c6be9e0676

SHA256
f5aa8377b8479f4d29ceea50a9770425e469dffff31845fd10f704151cbe8d4a

SHA512
27c5b54589f6136026693e8111cd24b7286965a64d6d63d1dc213edf593d656eceba37aec4db40ea01066341dcdaffba30a1039c49a9c5530807fb5bec9b2659

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2CommonControls.dll
MD5
585efc65460c35a72d8e1894749a9337

SHA1
c0bc678b7aaf7fe9c4b1207cd785d4c6be9e0676

SHA256
f5aa8377b8479f4d29ceea50a9770425e469dffff31845fd10f704151cbe8d4a

SHA512
27c5b54589f6136026693e8111cd24b7286965a64d6d63d1dc213edf593d656eceba37aec4db40ea01066341dcdaffba30a1039c49a9c5530807fb5bec9b2659

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Logon.exe
MD5
c471fc25a5338247f65e2064a17b3bbe

SHA1
ce97c6791f09eb616de7336e84f902e53a937b74

SHA256
110e97de8123970883320b43e6e6ddeedf8172283379963070213f9a9c2350a8

SHA512
a07a83dba58fb8810c4c7b2002f5964374489a3580b4a12abb6c1f6f5beef4185df2ef4c5bb7105c075ef792e61b4288441da9a84db1c001aefd2c113e7c6b4c

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2Logon.exe
MD5
c471fc25a5338247f65e2064a17b3bbe

SHA1
ce97c6791f09eb616de7336e84f902e53a937b74

SHA256
110e97de8123970883320b43e6e6ddeedf8172283379963070213f9a9c2350a8

SHA512
a07a83dba58fb8810c4c7b2002f5964374489a3580b4a12abb6c1f6f5beef4185df2ef4c5bb7105c075ef792e61b4288441da9a84db1c001aefd2c113e7c6b4c

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2MessagingLibrary.dll
MD5
bc0c3a34e793367799ef020cb1ac59cb

SHA1
78fada1b3af10c9d0a636dcd4a1285380fc2f424

SHA256
3f4357c63d829c6bdc52964388708918c2d1555b5201ffac30b9ffba104782af

SHA512
3e49ce99c4c4ce553259909f72542dde2981983e4b2b8ca7d234020eab75ece8df56ef5c29f124197fe708f8b9013679658a263aaf722922a8381a8f7ed372a9

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\L2MessagingLibrary.dll
MD5
bc0c3a34e793367799ef020cb1ac59cb

SHA1
78fada1b3af10c9d0a636dcd4a1285380fc2f424

SHA256
3f4357c63d829c6bdc52964388708918c2d1555b5201ffac30b9ffba104782af

SHA512
3e49ce99c4c4ce553259909f72542dde2981983e4b2b8ca7d234020eab75ece8df56ef5c29f124197fe708f8b9013679658a263aaf722922a8381a8f7ed372a9

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\log4net.dll
MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\log4net.dll
MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\log4net.dll
MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
\Users\Admin\AppData\Local\Apps\2.0\J41A3G2W.Y5O\G2JBD9PX.K46\l2br..tion_98d02ad2f10d89fe_0001.0015_0885763c154cfafb\log4net.dll
MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
memory/1592-149-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-147-0x000001B344150000-0x000001B344151000-memory.dmp

Filesize
4KB

Download
memory/1592-181-0x000001B3492E0000-0x000001B3492E1000-memory.dmp

Filesize
4KB

Download
memory/1592-182-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-116-0x000001B3299A0000-0x000001B3299A1000-memory.dmp

Filesize
4KB

Download
memory/1592-179-0x000001B349E60000-0x000001B349E61000-memory.dmp

Filesize
4KB

Download
memory/1592-178-0x000001B349310000-0x000001B349311000-memory.dmp

Filesize
4KB

Download
memory/1592-177-0x000001B344150000-0x000001B344151000-memory.dmp

Filesize
4KB

Download
memory/1592-176-0x000001B3493E0000-0x000001B3493E1000-memory.dmp

Filesize
4KB

Download
memory/1592-175-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-174-0x000001B32B850000-0x000001B32B851000-memory.dmp

Filesize
4KB

Download
memory/1592-173-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-172-0x000001B344150000-0x000001B344151000-memory.dmp

Filesize
4KB

Download
memory/1592-171-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-170-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-169-0x000001B3492E0000-0x000001B3492E1000-memory.dmp

Filesize
4KB

Download
memory/1592-168-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-167-0x000001B349310000-0x000001B349311000-memory.dmp

Filesize
4KB

Download
memory/1592-166-0x000001B3493C0000-0x000001B3493C1000-memory.dmp

Filesize
4KB

Download
memory/1592-165-0x000001B349320000-0x000001B349321000-memory.dmp

Filesize
4KB

Download
memory/1592-164-0x000001B3492E0000-0x000001B3492E1000-memory.dmp

Filesize
4KB

Download
memory/1592-163-0x000001B3495A0000-0x000001B3495A1000-memory.dmp

Filesize
4KB

Download
memory/1592-162-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-161-0x000001B34B3A0000-0x000001B34B3A1000-memory.dmp

Filesize
4KB

Download
memory/1592-160-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-159-0x000001B349B20000-0x000001B349B21000-memory.dmp

Filesize
4KB

Download
memory/1592-158-0x000001B349660000-0x000001B349661000-memory.dmp

Filesize
4KB

Download
memory/1592-157-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-156-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-155-0x000001B32B850000-0x000001B32B851000-memory.dmp

Filesize
4KB

Download
memory/1592-154-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-153-0x000001B3492E0000-0x000001B3492E1000-memory.dmp

Filesize
4KB

Download
memory/1592-152-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-151-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-150-0x000001B349310000-0x000001B349311000-memory.dmp

Filesize
4KB

Download
memory/1592-115-0x0000000000000000-mapping.dmp

Download
memory/1592-148-0x000001B349350000-0x000001B349351000-memory.dmp

Filesize
4KB

Download
memory/1592-180-0x000001B3492E0000-0x000001B3492E1000-memory.dmp

Filesize
4KB

Download
memory/1592-146-0x000001B3494C0000-0x000001B3494C1000-memory.dmp

Filesize
4KB

Download
memory/1592-145-0x000001B349640000-0x000001B349641000-memory.dmp

Filesize
4KB

Download
memory/1592-144-0x000001B349EE0000-0x000001B349EE1000-memory.dmp

Filesize
4KB

Download
memory/1592-143-0x000001B3494C0000-0x000001B3494C1000-memory.dmp

Filesize
4KB

Download
memory/1592-142-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-141-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-140-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-139-0x000001B349560000-0x000001B349561000-memory.dmp

Filesize
4KB

Download
memory/1592-138-0x000001B349340000-0x000001B349341000-memory.dmp

Filesize
4KB

Download
memory/1592-117-0x000001B32B720000-0x000001B32B721000-memory.dmp

Filesize
4KB

Download
memory/1592-137-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-136-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-135-0x000001B344150000-0x000001B344151000-memory.dmp

Filesize
4KB

Download
memory/1592-134-0x000001B349310000-0x000001B349311000-memory.dmp

Filesize
4KB

Download
memory/1592-133-0x000001B344150000-0x000001B344151000-memory.dmp

Filesize
4KB

Download
memory/1592-132-0x000001B349300000-0x000001B349301000-memory.dmp

Filesize
4KB

Download
memory/1592-131-0x000001B344150000-0x000001B344151000-memory.dmp

Filesize
4KB

Download
memory/1592-130-0x000001B32B6D0000-0x000001B32B6D1000-memory.dmp

Filesize
4KB

Download
memory/1592-129-0x000001B349350000-0x000001B349351000-memory.dmp

Filesize
4KB

Download
memory/1592-128-0x000001B349360000-0x000001B349361000-memory.dmp

Filesize
4KB

Download
memory/1592-127-0x000001B3442D0000-0x000001B3442D1000-memory.dmp

Filesize
4KB

Download
memory/1592-126-0x000001B349F90000-0x000001B349F91000-memory.dmp

Filesize
4KB

Download
memory/1592-118-0x000001B32B690000-0x000001B32B692000-memory.dmp

Filesize
8KB

Download
memory/1592-125-0x000001B349360000-0x000001B349361000-memory.dmp

Filesize
4KB

Download
memory/1592-124-0x000001B349A90000-0x000001B349A91000-memory.dmp

Filesize
4KB

Download
memory/1592-123-0x000001B3498F0000-0x000001B3498F1000-memory.dmp

Filesize
4KB

Download
memory/1592-122-0x000001B349570000-0x000001B349571000-memory.dmp

Filesize
4KB

Download
memory/1592-121-0x000001B32B695000-0x000001B32B697000-memory.dmp

Filesize
8KB

Download
memory/1592-119-0x000001B344E70000-0x000001B344E71000-memory.dmp

Filesize
4KB

Download
memory/1592-120-0x000001B32B693000-0x000001B32B695000-memory.dmp

Filesize
8KB

Download
memory/3632-331-0x0000000005EE0000-0x0000000005F26000-memory.dmp

Filesize
280KB

Download
memory/3632-306-0x0000000005EE0000-0x0000000005F26000-memory.dmp

Filesize
280KB

Download
memory/3632-257-0x0000000000000000-mapping.dmp

Download
memory/3696-339-0x0000000000000000-mapping.dmp

Download
memory/3696-365-0x0000000005180000-0x0000000005181000-memory.dmp

Filesize
4KB

Download
memory/3696-366-0x0000000005183000-0x0000000005185000-memory.dmp

Filesize
8KB

Download