511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a

Analysis

max time kernel
109s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
31/10/2022, 00:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
Size

171KB
MD5

a15baae14a7886c47ae9f581d0aed221
SHA1

e7544cd38a07ffb8878c20b75b1a631bc8b25be1
SHA256

511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a
SHA512

6da1fb1f0074b29b9bbb6e331605e1abb7e7fb23479808680a37d0ba4c0f2789f2eaaf5a593491b6faf0498df30a395275a408cd519f305c04f3b5e08998cc8c
SSDEEP

3072:IFODvWtpHSlNAyx1+fhvFoEdqhJEkiLgRP19ip8AtIXPcqKG1j+i:cODery71WNPsE9LotABIXUS1P

Score

8^/10

persistence spyware stealer upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1352	_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1600-59-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x000500000000b2d2-60.dat	upx
behavioral1/files/0x00050000000055e4-62.dat	upx
behavioral1/files/0x0003000000005ae0-63.dat	upx
behavioral1/files/0x000300000000e717-64.dat	upx
behavioral1/files/0x0004000000005756-65.dat	upx
behavioral1/files/0x000d0000000056fe-66.dat	upx
behavioral1/files/0x000b0000000059a8-67.dat	upx
behavioral1/memory/1600-69-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x0001000000014e67-73.dat	upx
behavioral1/files/0x000100000000a3f7-74.dat	upx
behavioral1/files/0x000200000001dcd1-75.dat	upx
behavioral1/files/0x0002000000016cc9-76.dat	upx
behavioral1/files/0x00020000000216ce-77.dat	upx
behavioral1/files/0x000200000001a885-78.dat	upx
behavioral1/files/0x0001000000014e69-79.dat	upx
behavioral1/files/0x000200000001a887-84.dat	upx
behavioral1/files/0x00020000000216d0-83.dat	upx
behavioral1/files/0x0002000000016ccb-82.dat	upx
behavioral1/files/0x000200000001dcd4-81.dat	upx
behavioral1/files/0x000100000000371d-80.dat	upx
behavioral1/files/0x0001000000014e6f-85.dat	upx
behavioral1/files/0x000100000000a3f8-86.dat	upx
behavioral1/files/0x0002000000016cd1-88.dat	upx
behavioral1/files/0x000200000001dcde-87.dat	upx
behavioral1/files/0x000200000001a88d-90.dat	upx
behavioral1/files/0x00020000000216d6-89.dat	upx
behavioral1/files/0x0001000000014e7e-91.dat	upx
behavioral1/files/0x000100000000a3fa-92.dat	upx
behavioral1/files/0x000200000001dcf4-93.dat	upx
behavioral1/files/0x0002000000016ce0-94.dat	upx
behavioral1/files/0x00020000000216e5-95.dat	upx
behavioral1/files/0x000200000001a8a0-96.dat	upx
behavioral1/files/0x000100000000a40a-97.dat	upx
behavioral1/files/0x0001000000014edf-100.dat	upx
behavioral1/files/0x0001000000003722-101.dat	upx
behavioral1/files/0x0001000000014ee2-106.dat	upx
behavioral1/files/0x000200000001a958-105.dat	upx
behavioral1/files/0x0002000000021733-104.dat	upx
behavioral1/files/0x0002000000016d5a-103.dat	upx
behavioral1/files/0x000200000001dd61-102.dat	upx
behavioral1/files/0x000100000000a443-107.dat	upx
behavioral1/files/0x000200000001dd64-108.dat	upx
behavioral1/files/0x0002000000016d63-109.dat	upx
behavioral1/files/0x0002000000021737-110.dat	upx
behavioral1/files/0x000200000001a960-111.dat	upx
behavioral1/files/0x000100000000a44a-112.dat	upx
behavioral1/files/0x000100000000a452-113.dat	upx
behavioral1/files/0x0001000000014f22-114.dat	upx
behavioral1/files/0x000100000000a460-115.dat	upx
behavioral1/files/0x000100000001a8c5-119.dat	upx
behavioral1/files/0x000200000001a9d1-118.dat	upx
behavioral1/files/0x0002000000021785-117.dat	upx
behavioral1/files/0x000200000001dda4-116.dat	upx
behavioral1/files/0x0001000000014f2c-120.dat	upx
behavioral1/files/0x000200000001a9db-125.dat	upx
behavioral1/files/0x000200000002178f-124.dat	upx
behavioral1/files/0x0002000000016dae-123.dat	upx
behavioral1/files/0x000200000001ddae-122.dat	upx
behavioral1/files/0x0001000000003725-121.dat	upx
behavioral1/files/0x000100000000372e-127.dat	upx
behavioral1/files/0x0001000000014f66-126.dat	upx
behavioral1/memory/1600-178-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Loads dropped DLL 64 IoCs

pid	Process
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ACLControl = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ACLControl.exe"	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Modifies WinLogon 2 TTPs 6 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACLControl	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACLControl\DllName = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ACLControl.exe"	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACLControl\Impersonate = "0"	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACLControl\Asynchronous = "1"	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACLControl\Logon = "ACLLogon"	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\de-DE\diskraid.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\hh.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\bitsadmin.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\hh.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\iscsicpl.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\findstr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\cleanmgr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\cipher.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\gpresult.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\audiodg.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\driverquery.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\eudcedit.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\ja-JP\attrib.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\ja-JP\fontview.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\dccw.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\certreq.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\compact.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\hwrcomp.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\ja-JP\EventCreate.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\arp.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\chkntfs.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\ctfmon.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\ja-JP\diskpart.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\WMIC.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\fsutil.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\ftp.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\ctfmon.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\DeviceProperties.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\ICacls.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\mofcomp.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\hostname.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\grpconv.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\Dism.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\dvdupgrd.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\EhStorAuthn.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\colorcpl.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\fixmapi.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\chkdsk.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\dplaysvr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\bthudtask.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\ctfmon.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\dpnsvr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\ctfmon.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\DfrgUI.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\DisplaySwitch.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\attrib.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\bootcfg.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\findstr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\dialer.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\DWWIN.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\eudcedit.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\it-IT\dvdupgrd.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\ja-JP\label.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\comp.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\bitsadmin.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\ktmutil.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\es-ES\EventCreate.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\cmdl32.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\ja-JP\hwrreg.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\AdapterTroubleshooter.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\en-US\cttune.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\fr-FR\cmd.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\SysWOW64\de-DE\clip.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\en-US\PurblePlace.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files (x86)\Windows Media Player\es-ES\setup_wm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Mail\en-US\WinMail.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMC.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows NT\Accessories\it-IT\wordpad.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.71\GoogleCrashHandler.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMC.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files (x86)\Windows Sidebar\it-IT\Sidebar.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files (x86)\Windows Media Player\it-IT\WMPDMC.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.71\GoogleUpdateOnDemand.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe.config	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files (x86)\Windows Sidebar\es-ES\Sidebar.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.71\GoogleUpdateCore.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\ehome\it-IT\WTVConverter.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-rasauto-mui.resources_31bf3856ad364e35_6.1.7600.16385_it-it_afd157872a1b6c26\rasautou.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.2.9600.16428_none_8cae83b0cdeb7a9b\ielowutil.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..cognition.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8037f2aa7a85980d\hwrcomp.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-whoami.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f9f910a5e61c5e27\whoami.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Windows\winsxs\amd64_regsvcs_b03f5f7f11d50a3a_6.1.7601.17514_none_76de745b101f0148\regsvcs.exe.config	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\ehome\ja-JP\ehrec.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\es-ES\helppane.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7871ea5b49da50fd\winresume.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0f9192e319053501\reg.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..trolpanel.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_5ea8eb97e1637fb3\MultiDigiMon.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_98f46d0af032bae2\hostname.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sysinfo.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_62cf1fe62e97bb52\systeminfo.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-c..omplus-ui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_985ced2cb82c21eb\dcomcnfg.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_it-it_c11a68c722bd1141\wevtutil.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d677c77014f9b1bf\lpr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-smss.resources_31bf3856ad364e35_6.1.7600.16385_it-it_cd09f3344310f0b9\smss.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\Backup\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_de-de_227521a01b1e0f11_perfhost.exe.mui_2046145e	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File opened for modification	C:\Windows\winsxs\x86_addinprocess32_b77a5c561934e089_6.1.7601.17514_none_83171a284b28fcec\AddInProcess32.exe.config	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\fr-FR\explorer.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-at.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bbd233571ba32958\at.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-eudc-settings_31bf3856ad364e35_6.1.7601.17514_none_b84dc938eed78546\eudcsettings.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_regasm_b03f5f7f11d50a3a_6.1.7601.17514_none_a3c349b4bdac0898\RegAsm.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8_services.exe.mui_86ea5e71	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_6.1.7600.16385_none_3580dea4def227d4\esentutl.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-osk.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0c89b97c90e91bc5\osk.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.1.7601.17514_none_bf4980401574a899\logman.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_6.1.7600.16385_none_8d8925a444607f8c\reg.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-icm-dccw.resources_31bf3856ad364e35_6.1.7600.16385_en-us_20d60f5b359fd24d\dccw.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\Backup\amd64_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7601.17514_none_51bcbc61a5466a58_certenrollctrl.exe_9495aa75	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\Backup\x86_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_114ca177b1fcad24_newdev.exe_7eb73dcd	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b68b0a67ec869d6b\memtest.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_e2ebaa32abd84c8f\PresentationHost.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-e..ingfaults.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d2815172486e4fc5\WerFaultSecure.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-r..comserver.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_e2bff5ee61548feb\raserver.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-bootconfig.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1bc9d99f35f4f087\bootcfg.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress.resources_31bf3856ad364e35_8.0.7600.16385_en-us_3e16230dfd28c743\iexpress.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ieinstal.resources_31bf3856ad364e35_8.0.7600.16385_de-de_c79c5197f461fd45\ieinstal.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_815595e5270d7840\setup_wm.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_16699919077609d2\taskmgr.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ehome-ehrec.resources_31bf3856ad364e35_6.1.7600.16385_it-it_bbfd04b85890d5e7\ehrec.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-scripting.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_89a46599641db54a\cscript.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-wmi-core.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5f8cc8189e9fc533\WmiApSrv.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\Backup\wow64_microsoft-windows-p..structure.resources_31bf3856ad364e35_6.1.7600.16385_it-it_5810c0c2d427085b_unlodctr.exe.mui_53acc4d0	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\Backup\x86_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b6bfad83ec5fabc6_memtest.exe.mui_77b8cbcc	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_0937a971000a33d6\csrss.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-at.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8eb883262064c5dd\at.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-icm-ui.resources_31bf3856ad364e35_6.1.7600.16385_de-de_9377df51142611e3\colorcpl.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..plication.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_d7bee0b8cd3291fc\migsetup.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-mspaint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bc3d05c5f545b326\mspaint.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_5c4e3477a550d46a\cleanmgr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-t..linetools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc53e808eda33786\chgusr.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..shell-mui.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_d60349b481876c06\powershell.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-e..atibility.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_28777966d8b4cfc5\DWWIN.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c9e3718c2873c7ad\ntprint.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_6.1.7600.16385_it-it_7af8f1283b68edaf\logman.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.1.7600.16385_it-it_16702848f9dea1d3\wmplayer.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-processmodel.resources_31bf3856ad364e35_6.1.7600.16385_de-de_02b24a58ead23f70\w3wp.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-atbroker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c32dfb5248079480\AtBroker.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_6.1.7600.16385_none_45fe6fe8a9201e55\comrepl.exe	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-lpksetup.resources_31bf3856ad364e35_6.1.7600.16385_it-it_be93ac22d37c8051\lpremove.exe.mui	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1352	1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe	27
PID 1600 wrote to memory of 1352	1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe	27
PID 1600 wrote to memory of 1352	1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe	27
PID 1600 wrote to memory of 1352	1600	511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe	27

C:\Users\Admin\AppData\Local\Temp\511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
"C:\Users\Admin\AppData\Local\Temp\511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe
  C:\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe "C:\Users\Admin\AppData\Local\Temp\511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe"
  2⤵
  - Executes dropped EXE
  PID:1352

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Filesize
152KB

MD5
08785071b116574b079df3b4e4d37d4b

SHA1
0fa56d2e7bf4a2fb62b76b4b073ad8280b6f07aa

SHA256
e44497e679a9febec852dbd158fd93ca944c3a4eca34ecfe0aceb4e39a9acc95

SHA512
4ac9ed6b4dc49e3174fd33ec131cb24868a2939189d1db46f1480421fa5e0c0f69a49197815fd81ae3ad0968bdcf3ea32968d451bf9f4becfa3fadfd4c458485

Download Submit
\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

Filesize
464KB

MD5
aea9bb46a292d93b807dc9fea68d3351

SHA1
03c2c09fc4703d0744982f628e290819673da274

SHA256
5ebc3d06906836814034e5ad687f00ccb920879c4c92da44c8dda484399962f1

SHA512
6f1d59515e4b06b61d7a6c77d5ccc5d876b610f9a84924e6db56d623e9c038adfdbe1618e6b5e0df6d6e7c291887c697e8da4bd713736c2e3a94b640e5096cd4

Download Submit
\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

Filesize
653KB

MD5
bdb27c449572afe909802d0bc42dc4ca

SHA1
d0c5c1908d04b6d5567028a12ea9bbe2af3e9af4

SHA256
b32221b34034dd1efab9417f1c49aff2bc27f1da0d7a9daadce1544a67358c31

SHA512
82962d401380e494682a9d63ae5f9ba7b58a1d8b58dd74154f54c45e3f2d086d9f55def9c70ccc380a6be7f37a4a78d41d3680351e282c3a36abc1f45f5492a9

Download Submit
\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

Filesize
653KB

MD5
8eaf9882d1e58250f7026cd83b0ea343

SHA1
e5a4abb2f5e9060116a2d662f26dc7db377695ec

SHA256
d99d6fa8019a4f621b0d87e5ea71e84568b95fe530f959205f66bb085b946fbb

SHA512
68ba16e297cbe625a616e2aaac33244b6935d1c18564a0f5416494a3842de7484e4ad43909cf8cea4ea97f4711a58d17b66910fe3114589ef211bc319207ce28

Download Submit
\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
474KB

MD5
19eb00d05bf12f612dc9b2edbf80bf4b

SHA1
ba23e2622172b179bf4b4f7884493b7539a46886

SHA256
4f70ec878db2d528920c3c6bd2b0b11095a97f1dc94b2e502dc7717c6fa36e04

SHA512
891dbfaddf385908d3923c3f47f90b33ea20403f50f6c9f7925964298fdf7f004ef0cff30e054eb62765238521e5d830ebf8f6608e8de05be118631f23814c90

Download Submit
\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
464KB

MD5
9c762aae9ddb88adfadddc8b61be6624

SHA1
3240d47fe5ea7d4bc5e6117f4edbd4b75e04c076

SHA256
6b99fdec475cf1bc84e74a0bfdc8ff54ce101386ba16bed4e54c401dcdfcbaa4

SHA512
dec621060cad8796cc7ed0a9550a1a33ffbef61130926d1c64ccb22e71a87c119ae6c613f5b40da8f91cb56a24f7cb1f0b5bc7c6f07ed5aa7db7f364beca93ef

Download Submit
\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe

Filesize
474KB

MD5
98b1e71ea35410216d5b29e18becca1d

SHA1
f45e16d2036485785374f93d467734d36cfdf30c

SHA256
f6f7a9ec1c62e8d087e53de683ef3a2f0cd5290c63039aa3c156fabc8ef31bed

SHA512
5b0cfd6b0b61d612ac0a0b986eedfee9d3a729d98cb9cc4f958c3a2601218c54dfca65b23f80a338148cf979795c3aa9da544980c323a9a449d6b5b4a6a99ce2

Download Submit
\Users\Admin\AppData\Local\Temp\ACLControl.exe

Filesize
171KB

MD5
a15baae14a7886c47ae9f581d0aed221

SHA1
e7544cd38a07ffb8878c20b75b1a631bc8b25be1

SHA256
511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a

SHA512
6da1fb1f0074b29b9bbb6e331605e1abb7e7fb23479808680a37d0ba4c0f2789f2eaaf5a593491b6faf0498df30a395275a408cd519f305c04f3b5e08998cc8c

Download Submit
\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Filesize
152KB

MD5
08785071b116574b079df3b4e4d37d4b

SHA1
0fa56d2e7bf4a2fb62b76b4b073ad8280b6f07aa

SHA256
e44497e679a9febec852dbd158fd93ca944c3a4eca34ecfe0aceb4e39a9acc95

SHA512
4ac9ed6b4dc49e3174fd33ec131cb24868a2939189d1db46f1480421fa5e0c0f69a49197815fd81ae3ad0968bdcf3ea32968d451bf9f4becfa3fadfd4c458485

Download Submit
\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Filesize
152KB

MD5
08785071b116574b079df3b4e4d37d4b

SHA1
0fa56d2e7bf4a2fb62b76b4b073ad8280b6f07aa

SHA256
e44497e679a9febec852dbd158fd93ca944c3a4eca34ecfe0aceb4e39a9acc95

SHA512
4ac9ed6b4dc49e3174fd33ec131cb24868a2939189d1db46f1480421fa5e0c0f69a49197815fd81ae3ad0968bdcf3ea32968d451bf9f4becfa3fadfd4c458485

Download Submit
\Users\Admin\AppData\Local\Temp\_511dfbde20fc21dacb173bd7e54cac48014cfb1e7a43a1a97fda52b6d9d75b3a.exe

Filesize
152KB

MD5
08785071b116574b079df3b4e4d37d4b

SHA1
0fa56d2e7bf4a2fb62b76b4b073ad8280b6f07aa

SHA256
e44497e679a9febec852dbd158fd93ca944c3a4eca34ecfe0aceb4e39a9acc95

SHA512
4ac9ed6b4dc49e3174fd33ec131cb24868a2939189d1db46f1480421fa5e0c0f69a49197815fd81ae3ad0968bdcf3ea32968d451bf9f4becfa3fadfd4c458485

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-checkers.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b26ca36ca5acf78e\chkrzm.exe.mui

Filesize
27KB

MD5
a2f3b823573689f58545cc8dc5405b39

SHA1
74c881f7955997045f887f41c00b3c272343e02b

SHA256
b1e5ec18aae57e02bf50d0b39cc09c30b3aa2a7e32ef21b24fb4d033dbcab886

SHA512
d9c4d47161f235120fa7ef5f615b3134c5fef4850a6e0c456e292647058d4a0a1e7f8a2127f0052c84797686ddb28e2b1acf51ae36ebf60941bff8d08eeea368

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-checkers.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5b5d7965948b0353\chkrzm.exe.mui

Filesize
27KB

MD5
39121fb4a3c396eb1a07f2efee9e728e

SHA1
29be5b83817a364a8e5fac8dfe4224d3a2001245

SHA256
d61f1e7f87e274823159f2fbb46f59a9b5bf8b5d69ef667ff4e8d7e16310786e

SHA512
f423ca6bc31de96a9736bd81e6ef25948746df955200d0472455b5e6a68b7f8a6b245b7b977673a672cd1bf94f63f45f3f78d17a2df1d5cbee531af7ce546a83

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-checkers.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5b28d64994b1f4f8\chkrzm.exe.mui

Filesize
27KB

MD5
4791820c620fa08d477baebf348f7924

SHA1
984bea3813b5236f73a3bd4bee3761ea23145562

SHA256
fd8a4caee597234c57c119e53247cf803915dc9a7deaff579de9c45cf2490790

SHA512
bfa9a7c81e151ed2a2e587268860dccaed715d1211fbde4da5e087aaeb3cca6846411b9b232b46212c4987b9db9657108b732bb1c6435d34ef58202cbf9dae04

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-checkers.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_fde04c4887840b5a\chkrzm.exe.mui

Filesize
27KB

MD5
cdfe87c8afd711d23af83c6192225890

SHA1
5f9022a2c707a527eca42eba6357be477562ba9f

SHA256
18e23c5e4d8280a549c58ee20b01f2b0c81d3d0e0cc72fa1dac5b477d4b3eb35

SHA512
675ae4ea6c8aaa5931726afe705db9698e5730ad800a1c0732c7b933c140fb5b28bc0bf90ddbe0c008fb85b8495c89a41c4b20548628f1d1d6683f3d5277f48b

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-checkers.resources_31bf3856ad364e35_6.1.7600.16385_it-it_e808428f5eb5f0d8\chkrzm.exe.mui

Filesize
27KB

MD5
4a4f9a8ebb2314ad3d26611fdbd64cca

SHA1
6c52aa8c622222556a221cf940d9f6365d49c2a1

SHA256
9a1fb81eeba344cab38d06cb96c6146e1dcd8154d8995962acc0fdb1d15ec586

SHA512
a7d6d6ed43b838b0c1f4a0e8a2454d88603389d19c875aa01286f7f72a69448204b76e6c62416bb716f54692cd706b6f3784e23ecb5e53c7c14a3eb582d94e73

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-checkers.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8a2dc19c51d102b3\chkrzm.exe.mui

Filesize
27KB

MD5
4b2b6512ae985dae92d832c67dfefadd

SHA1
65993d5f39cfd5f8fff2ee703f018fe8b4655279

SHA256
bbc64c803a3606a43bd912f17c5f01fb5fd2648bb9e3b501b73ae0ec38296da4

SHA512
62e53307f8bc1964ee96ba55105c03b1822b6e904ba7f076df56cf706e1589eb26a738484b58d9990feb90cd3f20480ead8029a507d070ce3f47602350006235

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cbc7ace537b928fa\FreeCell.exe.mui

Filesize
71KB

MD5
42031e07fac41773522baa405925d868

SHA1
fe05e8e900939029f613745728ff8f87e0ed3364

SHA256
3ffd7f55fe67ecc2c05b09254644732d2321b640eae4e52f27ebf130c7a95eb3

SHA512
a9ebd601d9bd533c6040e2fd22c15309d14859759310398d3233abb5e671b4415306d2c25f26631299b2237eea689cd9540d7c96ad907b367a2cc4a93893e8e8

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_en-us_74b882de269734bf\FreeCell.exe.mui

Filesize
66KB

MD5
114cc7aa103e8f48b6d080f41fb3ddfe

SHA1
0f1ba6bf4ad93500cab19ece0e72d41b08d31f93

SHA256
d10b5027bb309d0e02f88f2a62abc90f3aa768e484463d7ca45dc1811466d9c6

SHA512
0a45552840605e5d38e9123ef2a13fec0fed7254c9679b7550f649e3f6781b2491dfb89c20adeff2c349145f0fe2d09f9bfffc25d24982f2886aa38d7fe3357e

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7483dfc226be2664\FreeCell.exe.mui

Filesize
70KB

MD5
830e8f1e0d1c19b36dadbd6e5a593250

SHA1
b952221a63e42eab1eb1e29162477b5341b213a8

SHA256
f2526bdd378df7a11ba6f330a92b245227beac5423cbc11bafe1f734091215b2

SHA512
7e9d20f5c6ad65964512bf6e8a174d2460e6e18b2f9b75610108d7aa216515121384a1932a3e3f81f9bc14df1502ed889e479788e97d1ccf2e61665d0c58fd4c

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_173b55c119903cc6\FreeCell.exe.mui

Filesize
72KB

MD5
1db563747df112353a572ffdbf8d9dd9

SHA1
d4ea976189c8e95cffaa1d596b97cd2df08862c9

SHA256
03a6b9ef79b4b0cb65bf8895dc2d73f93de75954aefecf222a6f15076657619e

SHA512
3cb544a3d091dbe6ff92a20963e10cd014124afc40ac9073191822506c87c95b8203562d86017ee71c8af792223153853f47cb5daeac511e4205ee93d62454f5

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_it-it_01634c07f0c22244\FreeCell.exe.mui

Filesize
70KB

MD5
cd372ba8928d48af2aba50e2893fbbec

SHA1
2dbf6712607fb26a8c17530e9f23dfd5687b1cc4

SHA256
80dee113fa5dac17d876d6461d177de3be30a90caac78ecade2914658c27cb7e

SHA512
d251077582a75fb53c23917d084deaccef2c7e7c76ff7a875b0586a21f320ff3d21d3d6e74857f023f478d55255f0283686fe8151d03c77a38d85a427c78b320

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-freecell.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_a388cb14e3dd341f\FreeCell.exe.mui

Filesize
57KB

MD5
defc5fb64afd5696ee29a069c3588e96

SHA1
187fe6f6b13f8fe554ebd49a82f1748eede45360

SHA256
6706bc393dd546e3f4e57365510385946462ce1345c855cc219e40a678771e81

SHA512
928bbeae4665c88562d46d02f3d7cb5a41ba7aef1fc05e5f51f216d3378543fe17b670b749b406ef37522864701ec403b54fed70cc14da21930c27712bb60f23

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_de-de_775e5acffd45d164\Mahjong.exe.mui

Filesize
70KB

MD5
94cd8868b1e4e6bb4718e2246727bee4

SHA1
c99a6ef699b1b18e07415d591fdc1c87c3c716f2

SHA256
ae8c563d277073449962618b7f6f98955da92b7f4bf6d3ab29a3fadc71fd3d98

SHA512
541cf0a4e5558faf2b17bbb300bfa048ed2b6caf9f037853c142364eeb7dedb4407ee900043a0cec077e95dd3ed8208dfcfcdae5e9ab2e9b865e8393ce954466

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_en-us_204f30c8ec23dd29\Mahjong.exe.mui

Filesize
64KB

MD5
26ca6ad1fcb6140f6de3d390192ef01d

SHA1
9a39e293dad1c6f1e897566636d377f02558a31a

SHA256
ad45e8977281daa124155b2e2b1ee6dd08d3ac8f03bfd45c90f736eac1967769

SHA512
6aa587a57fd00913b59f43d8cd6efbaa4f941e7f32e5be41bbdaf2f61279af2f1a8818a61ed9cbd45be0d26232747de1288dd2240d766d3dc4f459eec53d88cf

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_es-es_201a8dacec4acece\Mahjong.exe.mui

Filesize
68KB

MD5
2a57da85d3ae8113b59b0a406df875a3

SHA1
9d9366588f360f679f3d2fe6876d798986b2b9da

SHA256
f7973d40e1116680871645ab265da5e264d82c04602679a72b4e37eac4c7fb30

SHA512
576a9389baf1902b79fcb649500da12353b23ae6734ef00ee95ffcf8ce7d3b132d3f9be6dff5f5d6550fc93898a1acf2d60b36a5967412d96f62e6664da56843

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_c2d203abdf1ce530\Mahjong.exe.mui

Filesize
70KB

MD5
5eaf24be86d892cd3a5ea9120e8b807b

SHA1
e1e68908f83e7cd36976028670d0f8972ab17979

SHA256
15737fc9cf7f3cc07d2e32e66d1ad1568f9d4e376160a84a19f80e85f407e995

SHA512
6f62bbec0f5e320cc855f95a406a93285607a14811052b397a99d0c1c3981bdea273329557f1683bc261c52e097e4c3413ef7abc7727ac4a99c6aeb6508d8f9d

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_it-it_acf9f9f2b64ecaae\Mahjong.exe.mui

Filesize
68KB

MD5
12acbd922de3d3b673d083e2379fdf48

SHA1
ebae5c70c089484861b40424b7064d6d95b8beff

SHA256
c7ac99b555da8e8c18bb95680346058ca6657d8b8f6d0de26ad40d36d3bb93ea

SHA512
7315429487b5885b0d63e4d78ea4d6c61791718d09c03c2d6c9eb56d80115e82ea2591d8236c3bbd5dca40c1e550fe263e327e093b3db89033d220477f23020c

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..-shanghai.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_4f1f78ffa969dc89\Mahjong.exe.mui

Filesize
56KB

MD5
2f5f7b67c14ef75b5c9f68327e895c42

SHA1
db7de647704de1fe3dd9616920f29b0b61d14875

SHA256
faedf9a2c3411cf4a1f4cbdd7ce1d3e277b9aa20af3cdc35876206c07e1f52a9

SHA512
4338d121a3ad54948f20690624e96c83835abdc57a1887a4b262295b4eeb0320a3eebab982eb5425732b70958c2ad6b9863b97500d3e643668d8bc9826af8c92

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1970b11cfb70c9ca\bckgzm.exe.mui

Filesize
27KB

MD5
10890747a9c020b31a2a782976fd84c5

SHA1
c2440071897e727308e3f83bf46acddb953824af

SHA256
ad591388459c746dd656d682d22fa29335ef9cc8dbbfdc95dd95684abf0d4094

SHA512
c58db635f51388f6a298e4cd86d92097a9f582cb4c1d151f6c4f649672013cccd18483bab03a1c37b2d691c5056b934acd9abe59f1864763be55fb930862e0da

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c2618715ea4ed58f\bckgzm.exe.mui

Filesize
27KB

MD5
440ee7b597a33d3448e03988fcc1ae3a

SHA1
8148dfebc0b14e878e238f7359c907976677ae88

SHA256
df4a69c2b2592886ad9b1ca7bca6ad6d45f3bd5a60f351c767d6bc764b3196e2

SHA512
5d98b2893cd61918c185d5bfe71a16b63bd082f0bfef55f65af01b9a8630fcce29e2e2c4b3b23f80ebb8a3edcdafe30f3ccbb45c307b5cd54d4ccb1dddc39335

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c22ce3f9ea75c734\bckgzm.exe.mui

Filesize
27KB

MD5
7c67135dfab1c736c9c63da1e28dec47

SHA1
c6766483d15202f9c572ce1770d639659cda3d82

SHA256
2c73de4f53424d3bcca99f20d99ff652866358e72f11aef000d88cf5c9b514f8

SHA512
74f567964c5496228138b46fdaee21e494afd1f31257c19f34d0eb22397139203d49d90c86f38c297e7525c7fed16afbcc77a0af4798ad3813358824f6571ff4

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_64e459f8dd47dd96\bckgzm.exe.mui

Filesize
27KB

MD5
75eb09689ad7383f48d53eecc3ecdb2f

SHA1
be69bd3dda6c51a5cf658cdd1c243ade589f5e45

SHA256
66c01d38843f4c99af564ac3e43e5188dcb2ebfb13b4caf4a01e8244cb1f64bf

SHA512
af3a6392a1cdd38eb5e1b7a45245ffcc8c78214fdf6c472a7dcc65d44be9c8057de0d541e903316d6e99f637b7b8428c7de7629e1dcdb76dc1c17c070844a2d9

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_it-it_4f0c503fb479c314\bckgzm.exe.mui

Filesize
27KB

MD5
93a216f6e2e9a8cd573c75b696247748

SHA1
17d900e574a58a7ed62017f6bc09c79980aa8ed9

SHA256
fe4ed079b6bb1dc0bb545ebdc240dba7dc49713015a062886595e46f7e1dec47

SHA512
f3e2ccc822bf523a8d820b9684d49adc6038ef91bf448e5f33f26c961218ae63ccf612f9d35064b033bc47614d94194f75c7422d9d2dd3c4ffd8abcb34c0be16

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..ackgammon.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f131cf4ca794d4ef\bckgzm.exe.mui

Filesize
27KB

MD5
ab8606f3dc97436ef9cac669f8541132

SHA1
45be433b902d2f299178b18d312760c11d1fa4cc

SHA256
368c635d6f404e9c526234fad67caedaef837c6772c571f2d8bf90b570250254

SHA512
75e801b5a84ce64b66b0dc1c465e587798d4ed1d9a5bb8b2ed065088cacd6948da6b227db36b93e314fcc42769bb127c173d13d077a82d48dcf9e7290690976c

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..boxgames-backgammon_31bf3856ad364e35_6.1.7600.16385_none_668d031845881638\bckgzm.exe

Filesize
111KB

MD5
38de41f0d3805563e7e448b6fc03f7fd

SHA1
2b5e533adc2c75a547d4fcfe43b8af67daf3de05

SHA256
d3b89d80dad64536feb68ad3c58e973c4b8e8f7ed3f7821436539721a2bcc735

SHA512
d7f1c0ce951ceeba3a74e9c0067aca1f524c7891addc8f0731945016e736466b13ba63cdc3f1f7d4fd16f223b63e27f6ab494f0e790b7214fbee5f6fa6a42700

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_de-de_4017d5a51dfb074f\Hearts.exe.mui

Filesize
77KB

MD5
1e25ea8ad2487a728860098ffe10a3f0

SHA1
5ae5c07f55b315871ec1920db197ac5f2aa382b9

SHA256
2d310025f48be9e2ce5b07f012f8fc4f272e42bb8fe12b76ebedba2105885b30

SHA512
0ebd23e6cfd3d796cae2e0e87d7a723e3e2fbbb3160057d3e398f0285857bafd09775d67825aa3dd8ce9ba9f6243245b72dc2e57149348dd0254942e82f33b02

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e908ab9e0cd91314\Hearts.exe.mui

Filesize
74KB

MD5
938a7dcece87f633ab6a84b1ad340fec

SHA1
3e534953a4819ae86cdc2f2f9668ce5bbaba1454

SHA256
57c2a98be0da0bf160ed6111931742ff7c8e61c74323d403270e930794be2a80

SHA512
f4297db83ef8ead8f828d750eea2e17a1c79b69d89a04116df1df7efd52d53165a2453923e4d0ed61bb805fe4e331c41a76a47d784d0a5be10f60ba7acf53cb0

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_es-es_e8d408820d0004b9\Hearts.exe.mui

Filesize
77KB

MD5
85e8d574c3c1d2e7fdbe68bef4803147

SHA1
aaa54c1e0b34b7b3d30f3f06d3337446b19eb097

SHA256
0850765c750fddd779819f4eaed3be17241b78e8da1b56cbd65e914d913f33b0

SHA512
e11704182860318fd29419fb1fa1c84ca1c9b8a0b01b025d2a2185c1b922d802dc36dcce076c2d6fc495aed46ed9a1a0c94845dcabbe04d873e96c3a925eed64

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8b8b7e80ffd21b1b\Hearts.exe.mui

Filesize
79KB

MD5
610feaa1b3d4ed15bd6b8f55db75e449

SHA1
1f4fcb05ecfa27908e5ddd40bf488bd381277329

SHA256
94171f45393b7732a8fa9b5c572e6c42d01b897e506164e9ebf7a752cdeea897

SHA512
b72e99f970771700c2ac7baec473628769ba3456cce0f683baf277e25c7e4d12fd3329346dac2e294c1e06718e7cc4dce05353f682304ee8433dac015af44c44

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_it-it_75b374c7d7040099\Hearts.exe.mui

Filesize
77KB

MD5
30a93852bc1a5b6af9a2f5eb5c9e0b0a

SHA1
07ebb850d57c2c3c9101ab33da2b812fc7ed8a24

SHA256
92f3d1b9271fc2bf12b42d38938e9a83b5c2dcca67a84d13d346fd331fb8a659

SHA512
f91d36d2aa2bdb9f30a1d8db83d5591b76a31b26584d3ed973b3c3c5546596728157c73accc5f2b53e094a7e91ddd89d816b5e7efce146c261e6ab2c98f1f2fc

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-hearts.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_17d8f3d4ca1f1274\Hearts.exe.mui

Filesize
66KB

MD5
f6ef3bcd45f1de6f42bafd283488bbb9

SHA1
4806f91629af26e256951d653c05c1fa4fd8f988

SHA256
fb6ee41c241fdc2093214e79cf6e1411a9fd2f5da5d5bb87ff6252692233a7a0

SHA512
c1a061d0a9098dce6c7b7b252bae413d8a07df03b20296eb29786485e9fa40e87b7104aa3f0f1a9dc7a6d65074e61cd138ac67d3bc5da881e8783b0d008af648

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-spades.resources_31bf3856ad364e35_6.1.7600.16385_de-de_0ac7bb58de12e1e0\shvlzm.exe.mui

Filesize
27KB

MD5
a7f74fb032fd4062ce603e12b71a2f15

SHA1
c26672ef8f66e6a4af1955105d3ba52f94e647dd

SHA256
63e138d00a55bdcadf24fcb8e3e6c4a71400c44ab2cbe7e8b247a74c8e7256d1

SHA512
7c0705e9e88a8bc98a4e3e4091abf27fb8b7b28793d582ac33bdc8eada9bac3e8c7c1971811aeadaac18323314b1059b94a9c4111997fad2c5fcadf95cd9ee5c

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-spades.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b3b89151ccf0eda5\shvlzm.exe.mui

Filesize
27KB

MD5
469f13f1665d7b47e5afc6c4c6aa32d5

SHA1
6f5aec9aa43c29fe1c7f1a39a428ef8c704d10a6

SHA256
f04b0f390cfa404940e9996bc250d130d1bd54da9016d582a9f6138a2d419a89

SHA512
0f1f160ff5ea9aa08f5f7db95f5aece4bb857cd23ef8f171801bba2d4f853fce33febf63364cedcf7c7e1dc6371fba57d5f5cfab619ba775290235d01af3e735

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-spades.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b383ee35cd17df4a\shvlzm.exe.mui

Filesize
27KB

MD5
e6f29e62b2678f9051de188c84757dde

SHA1
219ce84e55f690bcc4076322cee33c6232b60520

SHA256
c82efc067ff38b340349d2651f6b2f11a3579c2d5abf151de01bd5185797ef6c

SHA512
8ac115664b5e187a43b6754b74af23e237751364f81313a50f70441730549d40da48f4b8b8a281cc45e0a4bb50bd08b91ad897900ca396d39a3367f0dd75f654

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-spades.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_563b6434bfe9f5ac\shvlzm.exe.mui

Filesize
27KB

MD5
f12867793c96a9e20f57405a6e77c24f

SHA1
746e91d505140e069fad5ed80a2d0b42d0dde954

SHA256
69f27e434f65937060e403c389a1850059cab076b97d26bcbc1eddf1a7af0447

SHA512
4104b9e662021817f8a4dc0f2a3cdb053c69e51893c557bf29bffb97d6105b329fb2b80587a2d3df32d192652bb26aa8e53b3dbaa05d94c61690a1d57c7d43af

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-spades.resources_31bf3856ad364e35_6.1.7600.16385_it-it_40635a7b971bdb2a\shvlzm.exe.mui

Filesize
27KB

MD5
102045b6cf1b5fc3197466bba14f3f27

SHA1
eb211134720f404af01dc8fc35dd33bd898abe3e

SHA256
5432df4efa719fc4c2e651ecdf09165bca0f8fc5119d256924bb1fdb19a56db9

SHA512
e7ac625a218a4725e8df9ffe8a26621f42baf62b39d98c22c48fb297f723af766cbf3464556a6c7e6c9cf338857ce5357b01eb8fde99fc4e11a3ab600c087c6f

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..es-spades.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e288d9888a36ed05\shvlzm.exe.mui

Filesize
27KB

MD5
3ee83bdcfb85d100563917377cea7b55

SHA1
ee48e7138f74d887340ed2fb8ba55c6520373b31

SHA256
664a3e2cd6484345f1962a87258dc2ffab5e427f90e46880b858d5ee25fe5c95

SHA512
b783f7148543c5ccf620a8ca7235cdc57a9f6c2670034156e296e699d44a8384c1451db25f5991a992edb98a35e3c0b7917eaf1950f299f69cf335e91623da6e

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..inboxgames-checkers_31bf3856ad364e35_6.1.7601.17514_none_d467c138cbce0b24\chkrzm.exe

Filesize
120KB

MD5
16afc33f5af3291c6add08a64e6f3f91

SHA1
f81bedda924e44182c1318667ad0f7d1d9faa22a

SHA256
b0b961939c9b0f27ad2826768bc03d1290b1de59f1c7061de58d49ccff4d1866

SHA512
4bb88e05d2a3d3de3cb2c2d693c2c8dbd8f5786ed7c8d1192d669bd557488d753bf4ef8de9eae969e115f451eb42a1993eb8e122d3613afd39ace319a96e0383

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.1.7600.16385_none_d0c99374981840d5\Chess.exe

Filesize
3.1MB

MD5
1e810c50cc34990025bbaea9eb516749

SHA1
485f2e7bc0185fc1f88fe622cc2c7f2eb9416965

SHA256
0a8e42221b5276354c616cadd86e6b675021e07373bc66b63d37a7b1a4035c9a

SHA512
47f15f66eb8d90eba8ab9fa1e07ec4a44beec85a4b289ac39ccfacbdc0f65d554220c75a26b0750416bcf9c6baa75c724310a577fe82d0dd3961b7df56f8051b

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..mes-chess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e3f0a987ddb08f85\Chess.exe.mui

Filesize
74KB

MD5
e979d4ad02fb48f4eccafdc7ddbb262b

SHA1
72e5dde3f9c4f1e913814045ca612f0191e1579a

SHA256
7cd9efd22ddc93235feaf732d906ddd990b762d8b15191b7436c0080b1a0be27

SHA512
8c1dda49177eaa8291d5cdd109dab4dfacd5442d6a0f8d008c6ba801153fa47b326ece5d67a2f6f5ee366dd2c8bdfcab9bf6f39a0427cf66734480abcc366461

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..mes-chess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8ce17f80cc8e9b4a\Chess.exe.mui

Filesize
67KB

MD5
b23279011684cc37726335ad7d0a0a6d

SHA1
71855d8a2963ab307d3a884d22d9067e41ce3bd7

SHA256
c6cc900de0c0806a6e598a8f076f4e10178eaf8c61445652db02e255046af9c3

SHA512
28e8f1aee9361b30b959766288fcdec415c056e6afb8517caab765a3c8526e6775ee3ea8f8b79d6ea87448c41e6fc7c18fe9a766917fd7dee56fdb6a3d054ede

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..mes-chess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8cacdc64ccb58cef\Chess.exe.mui

Filesize
71KB

MD5
94f2ea6e29b272a1a438efe10f478722

SHA1
4a1a1e941943f2e31e5b3201de8a800762496fa2

SHA256
54717041e3f4cdd8cee8bb2a1f7bf50b1c7dacefaa1c2d48975b0ae6ed4e7fa6

SHA512
2e427eb23b40c63514754b6d616307e48503323398893b721043528e4123942b0f270d6a7c6d16eb9827c61e6609dffd7cf4abea49c8d0b0b7006ed65fcec572

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..mes-chess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_198c48aa96b988cf\Chess.exe.mui

Filesize
72KB

MD5
5757121f106076e4eb73deda5f593e50

SHA1
4248ed2956d53c780e118574a0cba24ee2c49aeb

SHA256
68e2c14a25e5f70849f218563f13a210c25d181d9d93ac47da1a035fa3acbb74

SHA512
3d97bc59401feb759c9817ed8951188ec6ac3ae1f9fb6f618a42688ef830413c3f2afc1e8f95ee7fc230bbc6254a14e4bf2c5cc8ce40aeb626ca3e7ad581e820

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..mes-chess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bbb1c7b789d49aaa\Chess.exe.mui

Filesize
55KB

MD5
698fe650c23eee9a5a7429ee26c9eaa0

SHA1
dd88bf1dbcde487e9a469a70e49f45cabcf0a356

SHA256
62a5169b4c8418e102779b8b1c422ef7d4703f59dba079f5e66bb03bc6ecdbbd

SHA512
61c90f65f28de6bbfdffaf3069ce20465718eb50f966d400b071a106d6679da62ab093d3f62184cbff9afd3aa5f33a0df57a7c2729fd1f9ef7df44d973e975d3

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..mes-chess.resources_31bf3856ad364e35_6.1.7601.17514_fr-fr_3195662bbc7626eb\Chess.exe.mui

Filesize
74KB

MD5
a4a8bc7fe14eb60e46bf7103addf9fbb

SHA1
d0fb2f8397937dfaa04d50823bb05580667785f9

SHA256
ca97fcf433baed92d1095bc87019d1a6b99b585e6dc2e4678db59d73ae73f07f

SHA512
6a4287cbf698a1a8594a05ceb8bef13b457262ac4b37a8393ef0460a49bde7ccbcc4de6b8a72c13b532a673fd872e3de80d6c68a60697833c87701607ef636bf

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_de-de_422835eff6be42a0\Minesweeper.exe.mui

Filesize
59KB

MD5
95b4109de3d960db155536f4c98a000e

SHA1
a817925e25d952d35ac4fe432abc6f708fd7f0a0

SHA256
82fb076c25f10855c43240eab6bb449d7c11131f880ab40b74cd6831b251064a

SHA512
44b18a1327f452221b0d0d852fd82fea335b8446fc1134ae82c0f4aa83e37eede97c268eab50ba71572635d0e49b32ff0a2cd4b70aaa6697b24e139b0dc795f2

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eb190be8e59c4e65\Minesweeper.exe.mui

Filesize
56KB

MD5
a69d92aaa01cf5e09b28a14786caf33b

SHA1
24fc608e5a0e1c2a19e39f32e599ae1df70d6760

SHA256
03ee8d6ea02dae11fe0cb5cdc44f8f2d8e7d72f4cb6fce54f03adadea65bd633

SHA512
dad7c80caa30778ef290758c8ac822362d063a3484cc31232adb2ac588dc3e9026a83116ce46ae9b3f00e8a26b5ce621c8d68e5fed978d38ae22e728bc477af9

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_es-es_eae468cce5c3400a\Minesweeper.exe.mui

Filesize
59KB

MD5
47277c9d2a1567bde7e1ec38f3119fa3

SHA1
f1f5c950b2ff9b93269567e16b5d75e133599f5b

SHA256
1bad97c3e5c73a52e1df0a493d7147dcb095ba095fe65559b6641afcc7d28d6f

SHA512
7db212395ae3c2b87d781fbbd42ad6a651a435a857e290659966f2088de912c09046f6e51578b23ab9fdc38a41ff221c0292ec1985c17b85a95713fff60c95f5

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_8d9bdecbd895566c\Minesweeper.exe.mui

Filesize
60KB

MD5
c81230e92d6575b6aeb1df5bb6c8c499

SHA1
60628b61799f877561b7c24631c076c9376fed07

SHA256
db5170a7d6ba455321f97d1655db3a72edbb28043b1fb53dd98f3f4036e8a480

SHA512
217d9bf4df1087683228cc611af92fc7aebd3bc7eac97d668201d2bbf8ad7229aa636057189d63f4bba6d47f3ddc6c4607a9a6803f4667808338f063ee27b68d

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_it-it_77c3d512afc73bea\Minesweeper.exe.mui

Filesize
280KB

MD5
e127014fdeace806412f01f4c21fdfea

SHA1
3b17dbb3008e58214a16efa4d27c6ec43a36e3b3

SHA256
9df196d30bc0b7eb76866dbba2cb80207fb7ae2fc671be9bd0474f0d1d086617

SHA512
7e0052735f2f91c41345f4de8a3b8ab7f4b400eab91165a7d5eb755d3ebb489c010bb8527ec19dee29ead1a4b2103f6835cbb2a599dab591a8539137c42afd3f

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..nesweeper.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_19e9541fa2e24dc5\Minesweeper.exe.mui

Filesize
49KB

MD5
7f3aee1810a9d98dd6cb4558b25ac6f3

SHA1
83b486bad72de0c4ccbdaa033a0823d27c4e8a62

SHA256
c53e67142deebef663fb8d3156fe0fa0a6d50daf971136222ea4bf740641096f

SHA512
65ecaa7524ab2b0e7ec95bf390b17c95d47e669c595ee2ce2bfc2a03c560343173d839e0e6803df272affababa0cf4eac315c8ea3d29cfeb9be7dd7353f0a23f

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..rbleplace.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60cb57bf22de85f9\PurblePlace.exe.mui

Filesize
179KB

MD5
0237da1a4169308199a1627a3aeaf81b

SHA1
6aa0b5f32c4a4760f3ce53eddada5ea23a690b3d

SHA256
ea4dbc5a82b85451db4c686692d8aebc9216f39c184c1acadf16323f950e4330

SHA512
00ace8c2410f3659f73c22aeba13bd0ce838a70247bf9a06d703692bc013b8195e27623a5c1c0ddc7d7c9a0656d1f1fa4eb59aaf372df027bd75c484332daf6f

Download Submit
\Windows\winsxs\amd64_microsoft-windows-s..rbleplace.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09bc2db811bc91be\PurblePlace.exe.mui

Filesize
167KB

MD5
9bc1fd6e5fde2dea9f8de2dfb40d9308

SHA1
75190db6c70d74cddf9a1347fb6c99c667a8b702

SHA256
7766190d35d1dee830f6ad2dc135d46a041c3b2c2c1d29a64a1437fbf4b17e8c

SHA512
80b95df15906b3f5d15ef265c44874cec32465aa48113a71810d4639fc58262f94a8d3cd457de65d692d93ad574183bdbe2104127b2fe64d624e7569b231df42

Download Submit
memory/1600-146-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-151-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1600-68-0x00000000001C0000-0x00000000001D0000-memory.dmp

Filesize
64KB

Download
memory/1600-69-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1600-70-0x0000000006ED0000-0x00000000074BA000-memory.dmp

Filesize
5.9MB

Download
memory/1600-71-0x0000000006ED0000-0x00000000074B8000-memory.dmp

Filesize
5.9MB

Download
memory/1600-72-0x0000000006ED0000-0x00000000074B9000-memory.dmp

Filesize
5.9MB

Download
memory/1600-98-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-128-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-129-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-130-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-131-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-132-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-133-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-134-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-138-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-137-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-136-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-135-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-139-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-141-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-147-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-148-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-99-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-145-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-144-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-143-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-142-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-140-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-149-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-59-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1600-152-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-150-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-153-0x0000000008E70000-0x0000000009458000-memory.dmp

Filesize
5.9MB

Download
memory/1600-154-0x0000000006ED0000-0x00000000074BA000-memory.dmp

Filesize
5.9MB

Download
memory/1600-155-0x0000000006ED0000-0x00000000074B8000-memory.dmp

Filesize
5.9MB

Download
memory/1600-156-0x0000000006ED0000-0x00000000074B9000-memory.dmp

Filesize
5.9MB

Download
memory/1600-157-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-158-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-159-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-160-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-161-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-162-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-163-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-164-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-165-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-166-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-167-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-168-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-169-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-171-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-170-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-172-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-173-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-174-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-175-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-176-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-177-0x00000000001B0000-0x00000000001C0000-memory.dmp

Filesize
64KB

Download
memory/1600-178-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1600-179-0x0000000008E70000-0x0000000009458000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads