chinese_generic_botnet | 5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2022 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
Size

976KB
MD5

960e271e42a03c8398952411d604effe
SHA1

0edbd4619b2971182567877b6c05033a7782f0e5
SHA256

5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61
SHA512

e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d
SSDEEP

6144:rYC/9GCx9syJZHZ6u8YUphxWHlygHR4f87Re7QeUC5Uxe9siOinsB8g+9:rY6GCxLZj8YUphxWHUgHeCRe7Vbf

Score

10^/10

chinese_generic_botnet botnet

Malware Config

Signatures

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet payload 2 IoCs

botnet

Processes:

resource	yara_rule
behavioral2/memory/4876-141-0x0000000010000000-0x0000000010027000-memory.dmp	unk_chinese_botnet
behavioral2/memory/1764-157-0x0000000010000000-0x0000000010027000-memory.dmp	unk_chinese_botnet

Downloads MZ/PE file

Executes dropped EXE 42 IoCs

Processes:

Windowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe

pid	process
312	Windowsfig.exe
1764	Windowsfig.exe
4204	Windowsfig.exe
4676	Windowsfig.exe
4388	Windowsfig.exe
1476	Windowsfig.exe
3668	Windowsfig.exe
1328	Windowsfig.exe
3820	Windowsfig.exe
628	Windowsfig.exe
4332	Windowsfig.exe
4324	Windowsfig.exe
3804	Windowsfig.exe
4392	Windowsfig.exe
2952	Windowsfig.exe
4584	Windowsfig.exe
1672	Windowsfig.exe
2308	Windowsfig.exe
2708	Windowsfig.exe
1352	Windowsfig.exe
3484	Windowsfig.exe
372	Windowsfig.exe
1512	Windowsfig.exe
3548	Windowsfig.exe
440	Windowsfig.exe
4888	Windowsfig.exe
3024	Windowsfig.exe
3660	Windowsfig.exe
3260	Windowsfig.exe
5068	Windowsfig.exe
3444	Windowsfig.exe
3404	Windowsfig.exe
3788	Windowsfig.exe
2412	Windowsfig.exe
1988	Windowsfig.exe
2268	Windowsfig.exe
3324	Windowsfig.exe
3940	Windowsfig.exe
2264	Windowsfig.exe
4516	Windowsfig.exe
2332	Windowsfig.exe
4856	Windowsfig.exe

Checks computer location settings 2 TTPs 42 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Windowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	Windowsfig.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe

description	ioc	process
File opened (read-only)	\??\E:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\G:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\H:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\U:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\X:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\Y:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\B:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\F:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\Q:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\S:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\I:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\N:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\P:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\R:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\V:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\Z:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\J:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\K:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\L:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\M:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\O:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\T:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
File opened (read-only)	\??\W:	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe

pid	process
4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe

Suspicious use of SetWindowsHookEx 43 IoCs

Processes:

5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exeWindowsfig.exe

pid	process
4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
312	Windowsfig.exe
1764	Windowsfig.exe
4204	Windowsfig.exe
4676	Windowsfig.exe
4388	Windowsfig.exe
1476	Windowsfig.exe
3668	Windowsfig.exe
1328	Windowsfig.exe
3820	Windowsfig.exe
628	Windowsfig.exe
4332	Windowsfig.exe
4324	Windowsfig.exe
3804	Windowsfig.exe
4392	Windowsfig.exe
2952	Windowsfig.exe
4584	Windowsfig.exe
1672	Windowsfig.exe
2308	Windowsfig.exe
2708	Windowsfig.exe
1352	Windowsfig.exe
3484	Windowsfig.exe
372	Windowsfig.exe
1512	Windowsfig.exe
3548	Windowsfig.exe
440	Windowsfig.exe
4888	Windowsfig.exe
3024	Windowsfig.exe
3660	Windowsfig.exe
3260	Windowsfig.exe
5068	Windowsfig.exe
3444	Windowsfig.exe
3404	Windowsfig.exe
3788	Windowsfig.exe
2412	Windowsfig.exe
1988	Windowsfig.exe
2268	Windowsfig.exe
3324	Windowsfig.exe
3940	Windowsfig.exe
2264	Windowsfig.exe
4516	Windowsfig.exe
2332	Windowsfig.exe
4856	Windowsfig.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 4876 wrote to memory of 312	4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe	Windowsfig.exe
PID 4876 wrote to memory of 312	4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe	Windowsfig.exe
PID 4876 wrote to memory of 312	4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe	Windowsfig.exe
PID 4876 wrote to memory of 4328	4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe	cmd.exe
PID 4876 wrote to memory of 4328	4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe	cmd.exe
PID 4876 wrote to memory of 4328	4876	5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe	cmd.exe
PID 312 wrote to memory of 1764	312	Windowsfig.exe	Windowsfig.exe
PID 312 wrote to memory of 1764	312	Windowsfig.exe	Windowsfig.exe
PID 312 wrote to memory of 1764	312	Windowsfig.exe	Windowsfig.exe
PID 312 wrote to memory of 4368	312	Windowsfig.exe	cmd.exe
PID 312 wrote to memory of 4368	312	Windowsfig.exe	cmd.exe
PID 312 wrote to memory of 4368	312	Windowsfig.exe	cmd.exe
PID 1764 wrote to memory of 4204	1764	Windowsfig.exe	Windowsfig.exe
PID 1764 wrote to memory of 4204	1764	Windowsfig.exe	Windowsfig.exe
PID 1764 wrote to memory of 4204	1764	Windowsfig.exe	Windowsfig.exe
PID 1764 wrote to memory of 3096	1764	Windowsfig.exe	cmd.exe
PID 1764 wrote to memory of 3096	1764	Windowsfig.exe	cmd.exe
PID 1764 wrote to memory of 3096	1764	Windowsfig.exe	cmd.exe
PID 4204 wrote to memory of 4676	4204	Windowsfig.exe	Windowsfig.exe
PID 4204 wrote to memory of 4676	4204	Windowsfig.exe	Windowsfig.exe
PID 4204 wrote to memory of 4676	4204	Windowsfig.exe	Windowsfig.exe
PID 4204 wrote to memory of 4816	4204	Windowsfig.exe	cmd.exe
PID 4204 wrote to memory of 4816	4204	Windowsfig.exe	cmd.exe
PID 4204 wrote to memory of 4816	4204	Windowsfig.exe	cmd.exe
PID 4676 wrote to memory of 4388	4676	Windowsfig.exe	Windowsfig.exe
PID 4676 wrote to memory of 4388	4676	Windowsfig.exe	Windowsfig.exe
PID 4676 wrote to memory of 4388	4676	Windowsfig.exe	Windowsfig.exe
PID 4676 wrote to memory of 1760	4676	Windowsfig.exe	cmd.exe
PID 4676 wrote to memory of 1760	4676	Windowsfig.exe	cmd.exe
PID 4676 wrote to memory of 1760	4676	Windowsfig.exe	cmd.exe
PID 4388 wrote to memory of 1476	4388	Windowsfig.exe	Windowsfig.exe
PID 4388 wrote to memory of 1476	4388	Windowsfig.exe	Windowsfig.exe
PID 4388 wrote to memory of 1476	4388	Windowsfig.exe	Windowsfig.exe
PID 4388 wrote to memory of 4320	4388	Windowsfig.exe	cmd.exe
PID 4388 wrote to memory of 4320	4388	Windowsfig.exe	cmd.exe
PID 4388 wrote to memory of 4320	4388	Windowsfig.exe	cmd.exe
PID 1476 wrote to memory of 3668	1476	Windowsfig.exe	Windowsfig.exe
PID 1476 wrote to memory of 3668	1476	Windowsfig.exe	Windowsfig.exe
PID 1476 wrote to memory of 3668	1476	Windowsfig.exe	Windowsfig.exe
PID 1476 wrote to memory of 5028	1476	Windowsfig.exe	cmd.exe
PID 1476 wrote to memory of 5028	1476	Windowsfig.exe	cmd.exe
PID 1476 wrote to memory of 5028	1476	Windowsfig.exe	cmd.exe
PID 3668 wrote to memory of 1328	3668	Windowsfig.exe	Windowsfig.exe
PID 3668 wrote to memory of 1328	3668	Windowsfig.exe	Windowsfig.exe
PID 3668 wrote to memory of 1328	3668	Windowsfig.exe	Windowsfig.exe
PID 3668 wrote to memory of 4968	3668	Windowsfig.exe	cmd.exe
PID 3668 wrote to memory of 4968	3668	Windowsfig.exe	cmd.exe
PID 3668 wrote to memory of 4968	3668	Windowsfig.exe	cmd.exe
PID 1328 wrote to memory of 3820	1328	Windowsfig.exe	Windowsfig.exe
PID 1328 wrote to memory of 3820	1328	Windowsfig.exe	Windowsfig.exe
PID 1328 wrote to memory of 3820	1328	Windowsfig.exe	Windowsfig.exe
PID 1328 wrote to memory of 1888	1328	Windowsfig.exe	cmd.exe
PID 1328 wrote to memory of 1888	1328	Windowsfig.exe	cmd.exe
PID 1328 wrote to memory of 1888	1328	Windowsfig.exe	cmd.exe
PID 3820 wrote to memory of 628	3820	Windowsfig.exe	Windowsfig.exe
PID 3820 wrote to memory of 628	3820	Windowsfig.exe	Windowsfig.exe
PID 3820 wrote to memory of 628	3820	Windowsfig.exe	Windowsfig.exe
PID 3820 wrote to memory of 424	3820	Windowsfig.exe	cmd.exe
PID 3820 wrote to memory of 424	3820	Windowsfig.exe	cmd.exe
PID 3820 wrote to memory of 424	3820	Windowsfig.exe	cmd.exe
PID 628 wrote to memory of 4332	628	Windowsfig.exe	Windowsfig.exe
PID 628 wrote to memory of 4332	628	Windowsfig.exe	Windowsfig.exe
PID 628 wrote to memory of 4332	628	Windowsfig.exe	Windowsfig.exe
PID 628 wrote to memory of 3312	628	Windowsfig.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe
"C:\Users\Admin\AppData\Local\Temp\5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61.exe"
1⤵
- Checks computer location settings
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4876

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:312

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
3⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
4⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4204

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
5⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4676

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
6⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4388

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
7⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1476

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
8⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3668

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
9⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1328

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
10⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3820

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
11⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:628

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
12⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4332

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
13⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4324

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
14⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3804

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
15⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4392

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
16⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2952

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
17⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4584

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
18⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1672

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
19⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2308

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
20⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2708

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
21⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1352

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
22⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3484

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
23⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:372

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
24⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1512

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
25⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3548

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
26⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:440

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
27⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4888

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
28⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3024

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
29⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3660

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
30⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3260

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
31⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:5068

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
32⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3444

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
33⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3404

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
34⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3788

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
35⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2412

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
36⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:1988

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
37⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2268

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
38⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3324

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
39⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:3940

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
40⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2264

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
41⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4516

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
42⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:2332

C:\ProgramData\Windowsfig.exe
"C:\ProgramData\Windowsfig.exe"
43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4856

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
42⤵
PID:1748

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
41⤵
PID:5080

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
40⤵
PID:2888

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
39⤵
PID:4368

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
38⤵
PID:3880

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
37⤵
PID:4908

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
36⤵
PID:4868

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
35⤵
PID:3632

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
34⤵
PID:4060

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
33⤵
PID:4224

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
32⤵
PID:2460

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
31⤵
PID:4288

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
30⤵
PID:3696

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
29⤵
PID:2152

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
28⤵
PID:3372

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
27⤵
PID:928

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
26⤵
PID:3256

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
25⤵
PID:1156

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
24⤵
PID:3956

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
23⤵
PID:4140

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
22⤵
PID:424

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
21⤵
PID:4712

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
20⤵
PID:5084

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
19⤵
PID:5048

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
18⤵
PID:1420

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
17⤵
PID:4756

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
16⤵
PID:376

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
15⤵
PID:4888

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
14⤵
PID:2864

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
13⤵
PID:2392

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
12⤵
PID:3312

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
11⤵
PID:424

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
10⤵
PID:1888

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
9⤵
PID:4968

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
8⤵
PID:5028

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
7⤵
PID:4320

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
6⤵
PID:1760

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
5⤵
PID:4816

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
4⤵
PID:3096

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
3⤵
PID:4368

C:\Windows\SysWOW64\cmd.exe
cmd /C "del /F /S /Q /A C:\ProgramData\Windowsfig.exe"
2⤵
PID:4328

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Winconfig.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\Winconfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\ProgramData\Windowsfig.exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PREIF6EH\Windowsfig[1].exe
Filesize
976KB

MD5
960e271e42a03c8398952411d604effe

SHA1
0edbd4619b2971182567877b6c05033a7782f0e5

SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61

SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d

Download Submit
memory/312-132-0x0000000000000000-mapping.dmp

Download
memory/372-298-0x0000000000000000-mapping.dmp

Download
memory/376-249-0x0000000000000000-mapping.dmp

Download
memory/424-297-0x0000000000000000-mapping.dmp

Download
memory/424-209-0x0000000000000000-mapping.dmp

Download
memory/440-322-0x0000000000000000-mapping.dmp

Download
memory/628-202-0x0000000000000000-mapping.dmp

Download
memory/928-337-0x0000000000000000-mapping.dmp

Download
memory/1156-321-0x0000000000000000-mapping.dmp

Download
memory/1328-186-0x0000000000000000-mapping.dmp

Download
memory/1352-282-0x0000000000000000-mapping.dmp

Download
memory/1420-265-0x0000000000000000-mapping.dmp

Download
memory/1476-170-0x0000000000000000-mapping.dmp

Download
memory/1512-306-0x0000000000000000-mapping.dmp

Download
memory/1672-258-0x0000000000000000-mapping.dmp

Download
memory/1760-169-0x0000000000000000-mapping.dmp

Download
memory/1764-138-0x0000000000000000-mapping.dmp

Download
memory/1764-157-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/1888-201-0x0000000000000000-mapping.dmp

Download
memory/2152-353-0x0000000000000000-mapping.dmp

Download
memory/2308-266-0x0000000000000000-mapping.dmp

Download
memory/2392-225-0x0000000000000000-mapping.dmp

Download
memory/2460-377-0x0000000000000000-mapping.dmp

Download
memory/2708-274-0x0000000000000000-mapping.dmp

Download
memory/2864-233-0x0000000000000000-mapping.dmp

Download
memory/2952-242-0x0000000000000000-mapping.dmp

Download
memory/3024-338-0x0000000000000000-mapping.dmp

Download
memory/3096-153-0x0000000000000000-mapping.dmp

Download
memory/3256-329-0x0000000000000000-mapping.dmp

Download
memory/3260-354-0x0000000000000000-mapping.dmp

Download
memory/3312-217-0x0000000000000000-mapping.dmp

Download
memory/3372-345-0x0000000000000000-mapping.dmp

Download
memory/3404-378-0x0000000000000000-mapping.dmp

Download
memory/3444-370-0x0000000000000000-mapping.dmp

Download
memory/3484-290-0x0000000000000000-mapping.dmp

Download
memory/3548-314-0x0000000000000000-mapping.dmp

Download
memory/3660-346-0x0000000000000000-mapping.dmp

Download
memory/3668-178-0x0000000000000000-mapping.dmp

Download
memory/3696-361-0x0000000000000000-mapping.dmp

Download
memory/3804-226-0x0000000000000000-mapping.dmp

Download
memory/3820-194-0x0000000000000000-mapping.dmp

Download
memory/3956-313-0x0000000000000000-mapping.dmp

Download
memory/4140-305-0x0000000000000000-mapping.dmp

Download
memory/4204-146-0x0000000000000000-mapping.dmp

Download
memory/4224-383-0x0000000000000000-mapping.dmp

Download
memory/4288-369-0x0000000000000000-mapping.dmp

Download
memory/4320-177-0x0000000000000000-mapping.dmp

Download
memory/4324-218-0x0000000000000000-mapping.dmp

Download
memory/4328-137-0x0000000000000000-mapping.dmp

Download
memory/4332-210-0x0000000000000000-mapping.dmp

Download
memory/4368-145-0x0000000000000000-mapping.dmp

Download
memory/4388-162-0x0000000000000000-mapping.dmp

Download
memory/4392-234-0x0000000000000000-mapping.dmp

Download
memory/4584-250-0x0000000000000000-mapping.dmp

Download
memory/4676-154-0x0000000000000000-mapping.dmp

Download
memory/4712-289-0x0000000000000000-mapping.dmp

Download
memory/4756-257-0x0000000000000000-mapping.dmp

Download
memory/4816-161-0x0000000000000000-mapping.dmp

Download
memory/4876-141-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/4888-241-0x0000000000000000-mapping.dmp

Download
memory/4888-330-0x0000000000000000-mapping.dmp

Download
memory/4968-193-0x0000000000000000-mapping.dmp

Download
memory/5028-185-0x0000000000000000-mapping.dmp

Download
memory/5048-273-0x0000000000000000-mapping.dmp

Download
memory/5068-362-0x0000000000000000-mapping.dmp

Download
memory/5084-281-0x0000000000000000-mapping.dmp

Download