chinese_generic_botnet | 3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2022 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe
Size

3.4MB
MD5

d9f897cefc1b3a353fadffc3929a7edf
SHA1

bf640502544049b5bf7dfb8904ceb28a4cde2cff
SHA256

3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440
SHA512

67a4077090c8cebdadd3031ab496ad115f4f4a878f26db77362947940fa4628f47745921f5f30510cca182bc5c689c7eab461b90bc035f0a26cbf94595aae30c
SSDEEP

49152:q7lJVUUHd1wDhlMWmBU0iXYlyY4nT20kdCMNDR9QtBnADEJSIibvw+:q7lJVfgDhlMWmBU0VQ9KHIu0vKEJMw+

Score

10^/10

chinese_generic_botnet botnet

Malware Config

Signatures

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet payload 3 IoCs

botnet

Processes:

resource	yara_rule
behavioral2/memory/4204-140-0x0000000010000000-0x0000000010027000-memory.dmp	unk_chinese_botnet
behavioral2/memory/4748-148-0x0000000010000000-0x0000000010027000-memory.dmp	unk_chinese_botnet
behavioral2/memory/2600-156-0x0000000010000000-0x0000000010027000-memory.dmp	unk_chinese_botnet

Downloads MZ/PE file

Executes dropped EXE 40 IoCs

Processes:

Windowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe

pid	process
4748	Windowsfig.exe
2600	Windowsfig.exe
4704	Windowsfig.exe
4236	Windowsfig.exe
1764	Windowsfig.exe
3056	Windowsfig.exe
2496	Windowsfig.exe
3464	Windowsfig.exe
1400	Windowsfig.exe
4468	Windowsfig.exe
2888	Windowsfig.exe
212	Windowsfig.exe
4680	Windowsfig.exe
604	Windowsfig.exe
1320	Windowsfig.exe
4192	Windowsfig.exe
4648	Windowsfig.exe
2676	Windowsfig.exe
3976	Windowsfig.exe
3000	Windowsfig.exe
4496	Windowsfig.exe
4652	Windowsfig.exe
1020	Windowsfig.exe
4932	Windowsfig.exe
3768	Windowsfig.exe
2576	Windowsfig.exe
1740	Windowsfig.exe
3428	Windowsfig.exe
3900	Windowsfig.exe
3440	Windowsfig.exe
2220	Windowsfig.exe
608	Windowsfig.exe
1596	Windowsfig.exe
1516	Windowsfig.exe
1676	Windowsfig.exe
1480	Windowsfig.exe
1900	Windowsfig.exe
2388	Windowsfig.exe
1344	Windowsfig.exe
1048	Windowsfig.exe

Checks computer location settings 2 TTPs 40 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Windowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	Windowsfig.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Windowsfig.exe

description	ioc	process
File opened (read-only)	\??\H:	Windowsfig.exe
File opened (read-only)	\??\M:	Windowsfig.exe
File opened (read-only)	\??\R:	Windowsfig.exe
File opened (read-only)	\??\B:	Windowsfig.exe
File opened (read-only)	\??\N:	Windowsfig.exe
File opened (read-only)	\??\T:	Windowsfig.exe
File opened (read-only)	\??\U:	Windowsfig.exe
File opened (read-only)	\??\X:	Windowsfig.exe
File opened (read-only)	\??\Z:	Windowsfig.exe
File opened (read-only)	\??\E:	Windowsfig.exe
File opened (read-only)	\??\Q:	Windowsfig.exe
File opened (read-only)	\??\S:	Windowsfig.exe
File opened (read-only)	\??\W:	Windowsfig.exe
File opened (read-only)	\??\O:	Windowsfig.exe
File opened (read-only)	\??\P:	Windowsfig.exe
File opened (read-only)	\??\F:	Windowsfig.exe
File opened (read-only)	\??\G:	Windowsfig.exe
File opened (read-only)	\??\I:	Windowsfig.exe
File opened (read-only)	\??\J:	Windowsfig.exe
File opened (read-only)	\??\K:	Windowsfig.exe
File opened (read-only)	\??\L:	Windowsfig.exe
File opened (read-only)	\??\V:	Windowsfig.exe
File opened (read-only)	\??\Y:	Windowsfig.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Windowsfig.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Windowsfig.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Windowsfig.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Windowsfig.exe

pid process

4748 Windowsfig.exe
4748 Windowsfig.exe

Suspicious use of SetWindowsHookEx 41 IoCs

Processes:

3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe

pid	process
4204	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe
4748	Windowsfig.exe
2600	Windowsfig.exe
4704	Windowsfig.exe
4236	Windowsfig.exe
1764	Windowsfig.exe
3056	Windowsfig.exe
2496	Windowsfig.exe
3464	Windowsfig.exe
1400	Windowsfig.exe
4468	Windowsfig.exe
2888	Windowsfig.exe
212	Windowsfig.exe
4680	Windowsfig.exe
604	Windowsfig.exe
1320	Windowsfig.exe
4192	Windowsfig.exe
4648	Windowsfig.exe
2676	Windowsfig.exe
3976	Windowsfig.exe
3000	Windowsfig.exe
4496	Windowsfig.exe
4652	Windowsfig.exe
1020	Windowsfig.exe
4932	Windowsfig.exe
3768	Windowsfig.exe
2576	Windowsfig.exe
1740	Windowsfig.exe
3428	Windowsfig.exe
3900	Windowsfig.exe
3440	Windowsfig.exe
2220	Windowsfig.exe
608	Windowsfig.exe
1596	Windowsfig.exe
1516	Windowsfig.exe
1676	Windowsfig.exe
1480	Windowsfig.exe
1900	Windowsfig.exe
2388	Windowsfig.exe
1344	Windowsfig.exe
1048	Windowsfig.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 4204 wrote to memory of 4748	4204	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe	Windowsfig.exe
PID 4204 wrote to memory of 4748	4204	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe	Windowsfig.exe
PID 4204 wrote to memory of 4748	4204	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe	Windowsfig.exe
PID 4204 wrote to memory of 532	4204	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe	cmd.exe
PID 4204 wrote to memory of 532	4204	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe	cmd.exe
PID 4204 wrote to memory of 532	4204	3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe	cmd.exe
PID 4748 wrote to memory of 2600	4748	Windowsfig.exe	Windowsfig.exe
PID 4748 wrote to memory of 2600	4748	Windowsfig.exe	Windowsfig.exe
PID 4748 wrote to memory of 2600	4748	Windowsfig.exe	Windowsfig.exe
PID 4748 wrote to memory of 4516	4748	Windowsfig.exe	cmd.exe
PID 4748 wrote to memory of 4516	4748	Windowsfig.exe	cmd.exe
PID 4748 wrote to memory of 4516	4748	Windowsfig.exe	cmd.exe
PID 2600 wrote to memory of 4704	2600	Windowsfig.exe	Windowsfig.exe
PID 2600 wrote to memory of 4704	2600	Windowsfig.exe	Windowsfig.exe
PID 2600 wrote to memory of 4704	2600	Windowsfig.exe	Windowsfig.exe
PID 2600 wrote to memory of 1432	2600	Windowsfig.exe	cmd.exe
PID 2600 wrote to memory of 1432	2600	Windowsfig.exe	cmd.exe
PID 2600 wrote to memory of 1432	2600	Windowsfig.exe	cmd.exe
PID 4704 wrote to memory of 4236	4704	Windowsfig.exe	Windowsfig.exe
PID 4704 wrote to memory of 4236	4704	Windowsfig.exe	Windowsfig.exe
PID 4704 wrote to memory of 4236	4704	Windowsfig.exe	Windowsfig.exe
PID 4704 wrote to memory of 1304	4704	Windowsfig.exe	cmd.exe
PID 4704 wrote to memory of 1304	4704	Windowsfig.exe	cmd.exe
PID 4704 wrote to memory of 1304	4704	Windowsfig.exe	cmd.exe
PID 4236 wrote to memory of 1764	4236	Windowsfig.exe	Windowsfig.exe
PID 4236 wrote to memory of 1764	4236	Windowsfig.exe	Windowsfig.exe
PID 4236 wrote to memory of 1764	4236	Windowsfig.exe	Windowsfig.exe
PID 4236 wrote to memory of 2460	4236	Windowsfig.exe	cmd.exe
PID 4236 wrote to memory of 2460	4236	Windowsfig.exe	cmd.exe
PID 4236 wrote to memory of 2460	4236	Windowsfig.exe	cmd.exe
PID 1764 wrote to memory of 3056	1764	Windowsfig.exe	Windowsfig.exe
PID 1764 wrote to memory of 3056	1764	Windowsfig.exe	Windowsfig.exe
PID 1764 wrote to memory of 3056	1764	Windowsfig.exe	Windowsfig.exe
PID 1764 wrote to memory of 4140	1764	Windowsfig.exe	cmd.exe
PID 1764 wrote to memory of 4140	1764	Windowsfig.exe	cmd.exe
PID 1764 wrote to memory of 4140	1764	Windowsfig.exe	cmd.exe
PID 3056 wrote to memory of 2496	3056	Windowsfig.exe	Windowsfig.exe
PID 3056 wrote to memory of 2496	3056	Windowsfig.exe	Windowsfig.exe
PID 3056 wrote to memory of 2496	3056	Windowsfig.exe	Windowsfig.exe
PID 3056 wrote to memory of 2752	3056	Windowsfig.exe	cmd.exe
PID 3056 wrote to memory of 2752	3056	Windowsfig.exe	cmd.exe
PID 3056 wrote to memory of 2752	3056	Windowsfig.exe	cmd.exe
PID 2496 wrote to memory of 3464	2496	Windowsfig.exe	Windowsfig.exe
PID 2496 wrote to memory of 3464	2496	Windowsfig.exe	Windowsfig.exe
PID 2496 wrote to memory of 3464	2496	Windowsfig.exe	Windowsfig.exe
PID 2496 wrote to memory of 2392	2496	Windowsfig.exe	cmd.exe
PID 2496 wrote to memory of 2392	2496	Windowsfig.exe	cmd.exe
PID 2496 wrote to memory of 2392	2496	Windowsfig.exe	cmd.exe
PID 3464 wrote to memory of 1400	3464	Windowsfig.exe	Windowsfig.exe
PID 3464 wrote to memory of 1400	3464	Windowsfig.exe	Windowsfig.exe
PID 3464 wrote to memory of 1400	3464	Windowsfig.exe	Windowsfig.exe
PID 3464 wrote to memory of 5052	3464	Windowsfig.exe	cmd.exe
PID 3464 wrote to memory of 5052	3464	Windowsfig.exe	cmd.exe
PID 3464 wrote to memory of 5052	3464	Windowsfig.exe	cmd.exe
PID 1400 wrote to memory of 4468	1400	Windowsfig.exe	Windowsfig.exe
PID 1400 wrote to memory of 4468	1400	Windowsfig.exe	Windowsfig.exe
PID 1400 wrote to memory of 4468	1400	Windowsfig.exe	Windowsfig.exe
PID 1400 wrote to memory of 3236	1400	Windowsfig.exe	cmd.exe
PID 1400 wrote to memory of 3236	1400	Windowsfig.exe	cmd.exe
PID 1400 wrote to memory of 3236	1400	Windowsfig.exe	cmd.exe
PID 4468 wrote to memory of 2888	4468	Windowsfig.exe	Windowsfig.exe
PID 4468 wrote to memory of 2888	4468	Windowsfig.exe	Windowsfig.exe
PID 4468 wrote to memory of 2888	4468	Windowsfig.exe	Windowsfig.exe
PID 4468 wrote to memory of 4088	4468	Windowsfig.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe
"C:\Users\Admin\AppData\Local\Temp\3678158c73850cefbb39893957b895827f5c30d7b03ec20010b91d7ddb433440.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4204

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4748

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
3⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
4⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4704

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
5⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4236

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
6⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
7⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
8⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
9⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3464

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
10⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1400

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
11⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4468

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
12⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2888

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
13⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:212

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
14⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4680

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
15⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:604

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
16⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1320

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
17⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4192

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
18⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4648

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
19⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2676

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
20⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3976

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
21⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3000

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
22⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4496

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
23⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4652

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
24⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1020

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
25⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4932

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
26⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3768

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
27⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2576

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
28⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1740

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
29⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3428

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
30⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3900

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
31⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3440

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
32⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2220

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
33⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:608

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
34⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1596

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
35⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1516

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
36⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1676

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
37⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1480

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
38⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1900

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
39⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2388

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
40⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1344

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
40⤵
PID:4680

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
39⤵
PID:2156

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
38⤵
PID:2436

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
37⤵
PID:1960

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
36⤵
PID:2812

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
35⤵
PID:896

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
34⤵
PID:3652

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
33⤵
PID:3660

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
32⤵
PID:2872

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
31⤵
PID:4852

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
30⤵
PID:1112

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
29⤵
PID:3764

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
28⤵
PID:4976

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
27⤵
PID:4704

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
26⤵
PID:3096

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
25⤵
PID:4956

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
24⤵
PID:4684

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
23⤵
PID:532

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
22⤵
PID:4132

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
21⤵
PID:3264

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
20⤵
PID:2208

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
19⤵
PID:4488

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
18⤵
PID:4044

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
17⤵
PID:4400

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
16⤵
PID:3388

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
15⤵
PID:4228

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
14⤵
PID:3788

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
13⤵
PID:2140

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
12⤵
PID:4088

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
11⤵
PID:3236

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
10⤵
PID:5052

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
9⤵
PID:2392

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
8⤵
PID:2752

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
7⤵
PID:4140

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
6⤵
PID:2460

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
5⤵
PID:1304

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
4⤵
PID:1432

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
3⤵
PID:4516

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
2⤵
PID:532

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
3e170464041417402f0bd148c74dcac5

SHA1
761dc158aade35c948ee559394fe73c14c33f930

SHA256
380eafc1217c93e7be3bfcc52d9e0b068ffb3a988f435cbec2932f834da4cdce

SHA512
fc3b2a3b3145d40c3dec7313afa98d88d9df72aac519f2dfd8a95118b4ec1c0daa39ece4cd4b0fba163e6c81c630d1d02ac96bb5d42ad2798a1491d1fa2cad5e

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DUHIRKGY\Windowsfig[1].exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
memory/212-217-0x0000000000000000-mapping.dmp

Download
memory/532-304-0x0000000000000000-mapping.dmp

Download
memory/532-136-0x0000000000000000-mapping.dmp

Download
memory/604-233-0x0000000000000000-mapping.dmp

Download
memory/608-377-0x0000000000000000-mapping.dmp

Download
memory/1020-305-0x0000000000000000-mapping.dmp

Download
memory/1112-360-0x0000000000000000-mapping.dmp

Download
memory/1304-160-0x0000000000000000-mapping.dmp

Download
memory/1320-241-0x0000000000000000-mapping.dmp

Download
memory/1400-193-0x0000000000000000-mapping.dmp

Download
memory/1432-152-0x0000000000000000-mapping.dmp

Download
memory/1740-337-0x0000000000000000-mapping.dmp

Download
memory/1764-161-0x0000000000000000-mapping.dmp

Download
memory/2140-224-0x0000000000000000-mapping.dmp

Download
memory/2208-280-0x0000000000000000-mapping.dmp

Download
memory/2220-369-0x0000000000000000-mapping.dmp

Download
memory/2392-192-0x0000000000000000-mapping.dmp

Download
memory/2460-168-0x0000000000000000-mapping.dmp

Download
memory/2496-177-0x0000000000000000-mapping.dmp

Download
memory/2576-329-0x0000000000000000-mapping.dmp

Download
memory/2600-137-0x0000000000000000-mapping.dmp

Download
memory/2600-156-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/2676-265-0x0000000000000000-mapping.dmp

Download
memory/2752-184-0x0000000000000000-mapping.dmp

Download
memory/2872-376-0x0000000000000000-mapping.dmp

Download
memory/2888-209-0x0000000000000000-mapping.dmp

Download
memory/3000-281-0x0000000000000000-mapping.dmp

Download
memory/3056-169-0x0000000000000000-mapping.dmp

Download
memory/3096-328-0x0000000000000000-mapping.dmp

Download
memory/3236-208-0x0000000000000000-mapping.dmp

Download
memory/3264-288-0x0000000000000000-mapping.dmp

Download
memory/3388-248-0x0000000000000000-mapping.dmp

Download
memory/3428-345-0x0000000000000000-mapping.dmp

Download
memory/3440-361-0x0000000000000000-mapping.dmp

Download
memory/3464-185-0x0000000000000000-mapping.dmp

Download
memory/3660-383-0x0000000000000000-mapping.dmp

Download
memory/3764-352-0x0000000000000000-mapping.dmp

Download
memory/3768-321-0x0000000000000000-mapping.dmp

Download
memory/3788-232-0x0000000000000000-mapping.dmp

Download
memory/3900-353-0x0000000000000000-mapping.dmp

Download
memory/3976-273-0x0000000000000000-mapping.dmp

Download
memory/4044-264-0x0000000000000000-mapping.dmp

Download
memory/4088-216-0x0000000000000000-mapping.dmp

Download
memory/4132-296-0x0000000000000000-mapping.dmp

Download
memory/4140-176-0x0000000000000000-mapping.dmp

Download
memory/4192-249-0x0000000000000000-mapping.dmp

Download
memory/4204-140-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/4228-240-0x0000000000000000-mapping.dmp

Download
memory/4236-153-0x0000000000000000-mapping.dmp

Download
memory/4400-256-0x0000000000000000-mapping.dmp

Download
memory/4468-201-0x0000000000000000-mapping.dmp

Download
memory/4488-272-0x0000000000000000-mapping.dmp

Download
memory/4496-289-0x0000000000000000-mapping.dmp

Download
memory/4516-144-0x0000000000000000-mapping.dmp

Download
memory/4648-257-0x0000000000000000-mapping.dmp

Download
memory/4652-297-0x0000000000000000-mapping.dmp

Download
memory/4680-225-0x0000000000000000-mapping.dmp

Download
memory/4684-312-0x0000000000000000-mapping.dmp

Download
memory/4704-336-0x0000000000000000-mapping.dmp

Download
memory/4704-145-0x0000000000000000-mapping.dmp

Download
memory/4748-132-0x0000000000000000-mapping.dmp

Download
memory/4748-148-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/4852-368-0x0000000000000000-mapping.dmp

Download
memory/4932-313-0x0000000000000000-mapping.dmp

Download
memory/4956-320-0x0000000000000000-mapping.dmp

Download
memory/4976-344-0x0000000000000000-mapping.dmp

Download
memory/5052-200-0x0000000000000000-mapping.dmp

Download