Overview

overview

10

Static

static

3

AA.pdf

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10_x64
  • resource
    win10-es-20211208
  • submitted
    03-01-2022 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AA.pdf

  • Size

    4.5MB

  • MD5

    5e9ea0ef94094036b41484a131298cfb

  • SHA1

    32c20082ec69e71a13cc46c0264c9e89f6f87e66

  • SHA256

    e2e4f534b9d4f20e1f3624d1af45a7c0124b185667753775e810ea1752894ed8

  • SHA512

    4dbbe82e258dc302fbda7c11acfefa3455916ad6d76ff4f6626ecc260c8e44e038df9ec62d2b6994392e514f4ebc57061d10f30c97274a34515fdbf94e412717

Score
10/10
persistence

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 3 IoCs
    persistence
  • Registers COM server for autorun 1 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AA.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3964
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1500
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F28BD71F295A48508A1E5317983C1618 --mojo-platform-channel-handle=1632 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:3220
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=64ECBDC046C51B330CBB9B8490AA3ED4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=64ECBDC046C51B330CBB9B8490AA3ED4 --renderer-client-id=2 --mojo-platform-channel-handle=1640 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:668
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=577DBB53666E7B0E11BE8A35C8D9ADD7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=577DBB53666E7B0E11BE8A35C8D9ADD7 --renderer-client-id=4 --mojo-platform-channel-handle=2204 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:1728
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8F9D9C9DCC4FE4BBA7CAFC1D81376274 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:2028
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=70D66B1E6E48DC647A76E7E456958D29 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:2508
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=735C2D68699C25B17696BC53C65E0C7D --mojo-platform-channel-handle=2816 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:1164
                • C:\Windows\SysWOW64\LaunchWinApp.exe
                  "C:\Windows\system32\LaunchWinApp.exe" "https://www.quienesquien.wiki/es/empresas/combustibles-y-transportes-morelos-sa-de-cv"
                  2⤵
                    PID:3432
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:1240
                • C:\Windows\system32\browser_broker.exe
                  C:\Windows\system32\browser_broker.exe -Embedding
                  1⤵
                  • Modifies Internet Explorer settings
                  PID:4944
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Suspicious use of SetWindowsHookEx
                  PID:2920
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies Internet Explorer settings
                  • Suspicious use of AdjustPrivilegeToken
                  PID:8
                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
                  C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe /update /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
                  1⤵
                  • Modifies system executable filetype association
                  • Adds Run key to start application
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2688
                  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
                    "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
                    2⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Modifies registry class
                    PID:1164

                Network

                MITRE ATT&CK Matrix ATT&CK v6

                Initial Access

                Execution

                Persistence

                Change Default File Association

                1
                T1042

                Registry Run Keys / Startup Folder

                2
                T1060

                Privilege Escalation

                Defense Evasion

                Modify Registry

                3
                T1112

                Credential Access

                Discovery

                Query Registry

                1
                T1012

                System Information Discovery

                1
                T1082

                Lateral Movement

                Collection

                Exfiltration

                Command and Control

                Impact

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
                  MD5

                  57bd9bd545af2b0f2ce14a33ca57ece9

                  SHA1

                  15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1

                  SHA256

                  a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf

                  SHA512

                  d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39

                  Download Submit
                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.DLL
                  MD5

                  4ffef06099812f4f86d1280d69151a3f

                  SHA1

                  e5da93b4e0cf14300701a0efbd7caf80b86621c3

                  SHA256

                  d5a538a0a036c602492f9b2b6f85de59924da9ec3ed7a7bbf6ecd0979bee54d3

                  SHA512

                  d667fd0ae46039914f988eb7e407344114944a040468e4ec5a53d562db2c3241737566308d8420bb4f7c89c6ef446a7881b83eaac7daba3271b81754c5c0f34a

                  Download Submit
                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\MSVCP140.dll
                  MD5

                  ce8a66d40621f89c5a639691db3b96b4

                  SHA1

                  b5f26f17ddd08e1ba73c57635c20c56aaa46b435

                  SHA256

                  545bb4a00b29b4b5d25e16e1d0969e99b4011033ce3d1d7e827abef09dd317e7

                  SHA512

                  85fc18e75e4c7f26a2c83578356b1947e12ec002510a574da86ad62114f1640128e58a6858603189317c77059c71ac0824f10b6117fa1c83af76ee480d36b671

                  Download Submit
                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll
                  MD5

                  50ea1cd5e09e3e2002fadb02d67d8ce6

                  SHA1

                  c4515f089a4615d920971b28833ec739e3c329f3

                  SHA256

                  414f6f64d463b3eb1e9eb21d9455837c99c7d9097f6bb61bd12c71e8dce62902

                  SHA512

                  440ededc1389b253f3a31c4f188fda419daf2f58096cf73cad3e72a746bdcde6bde049ce74c1eb521909d700d50fbfddbf802ead190cd54927ea03b5d0ce81b3

                  Download Submit
                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll
                  MD5

                  037df27be847ef8ab259be13e98cdd59

                  SHA1

                  d5541dfa2454a5d05c835ec5303c84628f48e7b2

                  SHA256

                  9fb3abcafd8e8b1deb13ec0f46c87b759a1cb610b2488052ba70e3363f1935ec

                  SHA512

                  7e1a04368ec469e4059172c5b44fd08d4ea3d01df98bfd6d4cc91ac45f381862ecf89fe9c6bedce985a12158d840cd6cfa06ce9d22466fbf6110140465002205

                  Download Submit
                • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\VCRUNTIME140.dll
                  MD5

                  cefcd5d1f068c4265c3976a4621543d4

                  SHA1

                  4d874d6d6fa19e0476a229917c01e7c1dd5ceacd

                  SHA256

                  c79241aec5e35cba91563c3b33ed413ce42309f5145f25dc92caf9c82a753817

                  SHA512

                  d934c43f1bd47c5900457642b3cbdcd43643115cd3e78b244f3a28fee5eea373e65b6e1cb764e356839090ce4a7a85d74f2b7631c48741d88cf44c9703114ec9

                  Download Submit
                • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.dll
                  MD5

                  4ffef06099812f4f86d1280d69151a3f

                  SHA1

                  e5da93b4e0cf14300701a0efbd7caf80b86621c3

                  SHA256

                  d5a538a0a036c602492f9b2b6f85de59924da9ec3ed7a7bbf6ecd0979bee54d3

                  SHA512

                  d667fd0ae46039914f988eb7e407344114944a040468e4ec5a53d562db2c3241737566308d8420bb4f7c89c6ef446a7881b83eaac7daba3271b81754c5c0f34a

                  Download Submit
                • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll
                  MD5

                  50ea1cd5e09e3e2002fadb02d67d8ce6

                  SHA1

                  c4515f089a4615d920971b28833ec739e3c329f3

                  SHA256

                  414f6f64d463b3eb1e9eb21d9455837c99c7d9097f6bb61bd12c71e8dce62902

                  SHA512

                  440ededc1389b253f3a31c4f188fda419daf2f58096cf73cad3e72a746bdcde6bde049ce74c1eb521909d700d50fbfddbf802ead190cd54927ea03b5d0ce81b3

                  Download Submit
                • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll
                  MD5

                  037df27be847ef8ab259be13e98cdd59

                  SHA1

                  d5541dfa2454a5d05c835ec5303c84628f48e7b2

                  SHA256

                  9fb3abcafd8e8b1deb13ec0f46c87b759a1cb610b2488052ba70e3363f1935ec

                  SHA512

                  7e1a04368ec469e4059172c5b44fd08d4ea3d01df98bfd6d4cc91ac45f381862ecf89fe9c6bedce985a12158d840cd6cfa06ce9d22466fbf6110140465002205

                  Download Submit
                • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\msvcp140.dll
                  MD5

                  ce8a66d40621f89c5a639691db3b96b4

                  SHA1

                  b5f26f17ddd08e1ba73c57635c20c56aaa46b435

                  SHA256

                  545bb4a00b29b4b5d25e16e1d0969e99b4011033ce3d1d7e827abef09dd317e7

                  SHA512

                  85fc18e75e4c7f26a2c83578356b1947e12ec002510a574da86ad62114f1640128e58a6858603189317c77059c71ac0824f10b6117fa1c83af76ee480d36b671

                  Download Submit
                • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\vcruntime140.dll
                  MD5

                  cefcd5d1f068c4265c3976a4621543d4

                  SHA1

                  4d874d6d6fa19e0476a229917c01e7c1dd5ceacd

                  SHA256

                  c79241aec5e35cba91563c3b33ed413ce42309f5145f25dc92caf9c82a753817

                  SHA512

                  d934c43f1bd47c5900457642b3cbdcd43643115cd3e78b244f3a28fee5eea373e65b6e1cb764e356839090ce4a7a85d74f2b7631c48741d88cf44c9703114ec9

                  Download Submit
                • \Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\vcruntime140.dll
                  MD5

                  cefcd5d1f068c4265c3976a4621543d4

                  SHA1

                  4d874d6d6fa19e0476a229917c01e7c1dd5ceacd

                  SHA256

                  c79241aec5e35cba91563c3b33ed413ce42309f5145f25dc92caf9c82a753817

                  SHA512

                  d934c43f1bd47c5900457642b3cbdcd43643115cd3e78b244f3a28fee5eea373e65b6e1cb764e356839090ce4a7a85d74f2b7631c48741d88cf44c9703114ec9

                  Download Submit
                • memory/668-125-0x0000000001800000-0x0000000001801000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/668-124-0x0000000001360000-0x0000000001361000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/668-119-0x0000000077352000-0x0000000077353000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/668-122-0x0000000000000000-mapping.dmp
                  Download
                • memory/668-121-0x000000000171D000-0x000000000171E000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/1164-145-0x0000000000000000-mapping.dmp
                  Download
                • memory/1164-140-0x0000000077352000-0x0000000077353000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/1164-142-0x0000000000000000-mapping.dmp
                  Download
                • memory/1164-141-0x00000000007A3000-0x00000000007A4000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/1500-115-0x0000000000000000-mapping.dmp
                  Download
                • memory/1728-128-0x0000000000000000-mapping.dmp
                  Download
                • memory/1728-126-0x0000000077352000-0x0000000077353000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/1728-127-0x0000000001366000-0x0000000001367000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/2028-134-0x0000000000000000-mapping.dmp
                  Download
                • memory/2028-133-0x0000000000627000-0x0000000000628000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/2028-132-0x0000000077352000-0x0000000077353000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/2508-137-0x0000000000438000-0x0000000000439000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/2508-136-0x0000000077352000-0x0000000077353000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/2508-138-0x0000000000000000-mapping.dmp
                  Download
                • memory/3220-120-0x00000000003A0000-0x00000000003A1000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/3220-117-0x0000000000771000-0x0000000000772000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/3220-118-0x0000000000000000-mapping.dmp
                  Download
                • memory/3220-116-0x0000000077352000-0x0000000077353000-memory.dmp
                  Filesize

                  4KB

                  Download
                • memory/3432-144-0x0000000000000000-mapping.dmp
                  Download