741a3ee4476d812386dcf92b85adef3bd51aed823fa2d7ff87f16d9fee73762a

Analysis

max time kernel
76s
max time network
81s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
03/07/2023, 14:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4winkey.exe
Size

2.2MB
MD5

06dbde6d228a2c398276cf4eaf87eac7
SHA1

3431aef99aa6f0f8496e03de73bb33f3a268db29
SHA256

741a3ee4476d812386dcf92b85adef3bd51aed823fa2d7ff87f16d9fee73762a
SHA512

0fe730befb6241e0c6834271dc7235bc12bcbd2b6aa4ce653cfee15f16bafead3c8e43630d6126986672cb406856e4e8cf89a8bded59d1d098b6adb70e2a3c55
SSDEEP

49152:34p0ZTmiu6tWE+Inc21hvSB1FtTIL9lH02I:ISTmj6tDTc21kPybZ

Score

7^/10

discovery upx vmprotect

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2032-54-0x0000000000400000-0x0000000000880000-memory.dmp	upx
behavioral1/memory/2032-55-0x0000000000400000-0x0000000000880000-memory.dmp	upx
behavioral1/memory/2032-106-0x0000000000400000-0x0000000000880000-memory.dmp	upx
behavioral1/memory/2032-240-0x0000000000400000-0x0000000000880000-memory.dmp	upx
behavioral1/memory/2032-603-0x0000000000400000-0x0000000000880000-memory.dmp	upx
behavioral1/memory/2032-613-0x0000000000400000-0x0000000000880000-memory.dmp	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1244-671-0x000000006D050000-0x000000006D968000-memory.dmp	vmprotect

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
47	ip-api.com

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-libraryloader-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-utility-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\BugSplatRc.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\libcurl.NET.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\galog.json	4WinKey.exe
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Start.exe	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\7z\7z.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-filesystem-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\TS.UI.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\unins000.dat	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\7z\is-JM84E.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\RegisterAndLog.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-interlocked-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\x64\SQLite.Interop.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-8HHPS.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-B1G5J.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\is-ANMD9.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\log4net.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-file-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\PresentationFramework.Aero2.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-BUQI5.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Languages\is-S5AH7.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-H8SD7.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-GLL12.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-6HF35.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-memory-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\System.Data.SQLite.EF6.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-crt-heap-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-D197E.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-SGSJV.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\syslinux\is-OG5GE.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-file-l1-2-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Newtonsoft.Json.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-time-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-crt-time-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\is-554A7.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-processenvironment-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\syslinux\is-DU8N8.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-E4UBO.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-memory-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\libcurl.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\SoftwareLog.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\EntityFramework.SqlServer.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\is-9I90P.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-rtlsupport-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-timezone-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\CalcHashAB.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-3PRQN.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\is-7069L.tmp	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-string-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-interlocked-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-sysinfo-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Dapper.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-util-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-file-l1-2-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-processthreads-l1-1-0.dll	4winkey_pf_8.0.4.tmp
File opened for modification	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\api-ms-win-core-synch-l1-2-0.dll	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-GLAK6.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\is-EFTQ8.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\x86\is-J282O.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\is-TP0VJ.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\syslinux\is-CCBOU.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\syslinux\is-QAJJV.tmp	4winkey_pf_8.0.4.tmp
File created	C:\Program Files (x86)\PassFab\PassFab 4WinKey\is-VAEM8.tmp	4winkey_pf_8.0.4.tmp

Executes dropped EXE 5 IoCs

pid	Process
1776	4winkey_pf_8.0.4.exe
1352	4winkey_pf_8.0.4.tmp
908	Start.exe
1244	4WinKey.exe
1928	Monitor.exe

Loads dropped DLL 64 IoCs

pid	Process
2032	4winkey.exe
1776	4winkey_pf_8.0.4.exe
1352	4winkey_pf_8.0.4.tmp
1352	4winkey_pf_8.0.4.tmp
1352	4winkey_pf_8.0.4.tmp
908	Start.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1244	4WinKey.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe
1928	Monitor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A210FA1-19B2-11EE-862F-EEADDA397F5C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3465915139-4244146034-2076118314-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	4winkey.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	4winkey.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	4winkey.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	4winkey.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2032	4winkey.exe
2032	4winkey.exe
1352	4winkey_pf_8.0.4.tmp
1352	4winkey_pf_8.0.4.tmp
1244	4WinKey.exe
1244	4WinKey.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1244	4WinKey.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1352	4winkey_pf_8.0.4.tmp
1380	iexplore.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
908	Start.exe
1380	iexplore.exe
1380	iexplore.exe
1776	IEXPLORE.EXE
1776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 34 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1776	2032	4winkey.exe	30
PID 2032 wrote to memory of 1776	2032	4winkey.exe	30
PID 2032 wrote to memory of 1776	2032	4winkey.exe	30
PID 2032 wrote to memory of 1776	2032	4winkey.exe	30
PID 2032 wrote to memory of 1776	2032	4winkey.exe	30
PID 2032 wrote to memory of 1776	2032	4winkey.exe	30
PID 2032 wrote to memory of 1776	2032	4winkey.exe	30
PID 1776 wrote to memory of 1352	1776	4winkey_pf_8.0.4.exe	31
PID 1776 wrote to memory of 1352	1776	4winkey_pf_8.0.4.exe	31
PID 1776 wrote to memory of 1352	1776	4winkey_pf_8.0.4.exe	31
PID 1776 wrote to memory of 1352	1776	4winkey_pf_8.0.4.exe	31
PID 1776 wrote to memory of 1352	1776	4winkey_pf_8.0.4.exe	31
PID 1776 wrote to memory of 1352	1776	4winkey_pf_8.0.4.exe	31
PID 1776 wrote to memory of 1352	1776	4winkey_pf_8.0.4.exe	31
PID 2032 wrote to memory of 908	2032	4winkey.exe	33
PID 2032 wrote to memory of 908	2032	4winkey.exe	33
PID 2032 wrote to memory of 908	2032	4winkey.exe	33
PID 2032 wrote to memory of 908	2032	4winkey.exe	33
PID 908 wrote to memory of 1244	908	Start.exe	34
PID 908 wrote to memory of 1244	908	Start.exe	34
PID 908 wrote to memory of 1244	908	Start.exe	34
PID 908 wrote to memory of 1244	908	Start.exe	34
PID 1244 wrote to memory of 1928	1244	4WinKey.exe	36
PID 1244 wrote to memory of 1928	1244	4WinKey.exe	36
PID 1244 wrote to memory of 1928	1244	4WinKey.exe	36
PID 1244 wrote to memory of 1928	1244	4WinKey.exe	36
PID 1244 wrote to memory of 1380	1244	4WinKey.exe	37
PID 1244 wrote to memory of 1380	1244	4WinKey.exe	37
PID 1244 wrote to memory of 1380	1244	4WinKey.exe	37
PID 1244 wrote to memory of 1380	1244	4WinKey.exe	37
PID 1380 wrote to memory of 1776	1380	iexplore.exe	38
PID 1380 wrote to memory of 1776	1380	iexplore.exe	38
PID 1380 wrote to memory of 1776	1380	iexplore.exe	38
PID 1380 wrote to memory of 1776	1380	iexplore.exe	38

C:\Users\Admin\AppData\Local\Temp\4winkey.exe
"C:\Users\Admin\AppData\Local\Temp\4winkey.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\4winkey_pf\4winkey_pf_8.0.4.exe
  /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\PassFab\PassFab 4WinKey\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\PassFab 4WinKey_Setup_20230703145747.log" /sptrack null
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\is-O7LTS.tmp\4winkey_pf_8.0.4.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-O7LTS.tmp\4winkey_pf_8.0.4.tmp" /SL5="$50152,26411605,628736,C:\Users\Admin\AppData\Local\Temp\4winkey_pf\4winkey_pf_8.0.4.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\PassFab\PassFab 4WinKey\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\PassFab 4WinKey_Setup_20230703145747.log" /sptrack null
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:1352
- C:\Program Files (x86)\PassFab\PassFab 4WinKey\Start.exe
  "C:\Program Files (x86)\PassFab\PassFab 4WinKey\Start.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Program Files (x86)\PassFab\PassFab 4WinKey\4WinKey.exe
    "C:\Program Files (x86)\PassFab\PassFab 4WinKey\4WinKey.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1244
  - - C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\Monitor.exe
      "C:\Program Files (x86)\PassFab\PassFab 4WinKey\Monitor\Monitor.exe" 1244(#-+)UA-120571716-4(#-+)4WinKey(#-+)8.0.4(#-+)&cd1=8.0.4&cd2=0&cd3=Trial&cd4=PassFab&cd5=Microsoft Windows 7 Ultimate (#-+)1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1928
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://cbs.passfab.com/go?pid=1721&a=i&v=8.0.4
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1380
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PassFab\PassFab 4WinKey\4WinKey.exe

Filesize
10.0MB

MD5
b8d977d1caaa14cfc6cd464410430b34

SHA1
0d70e169de28fbf48df9d53da72f840a2b070cd9

SHA256
18a43b740c89ccdaa96f4ccf93a31c8866b469fa0c1905af242e015c6e1d0929

SHA512
43ca03833bf724743e68106ff5a2b4032ccb896684be16a1aba1ffa31f663325e0af1d4923575307f0bd84e7011cb87861e31ef35f2c325b41aa1ec1b39559f5

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\4WinKey.exe

Filesize
10.0MB

MD5
b8d977d1caaa14cfc6cd464410430b34

SHA1
0d70e169de28fbf48df9d53da72f840a2b070cd9

SHA256
18a43b740c89ccdaa96f4ccf93a31c8866b469fa0c1905af242e015c6e1d0929

SHA512
43ca03833bf724743e68106ff5a2b4032ccb896684be16a1aba1ffa31f663325e0af1d4923575307f0bd84e7011cb87861e31ef35f2c325b41aa1ec1b39559f5

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\AppService.dll

Filesize
116KB

MD5
cb5ff832288c9e3f075ee3cfff722123

SHA1
94b422e72c28a795e085175b2d0e8bf9f8a23a60

SHA256
aa872261c2331edc2fc76407c5ad367d26cc0e968d0d5a931ed48c3adb1d76ea

SHA512
0290d9a3dcc7733c7a36fe435a2e62e5141ab09d18e39e310d002bc0127aae3ed9692f2cbe3f7fe52a166c2c944577310be2a29be8374cfed5702c3233149543

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\MSVCP140.dll

Filesize
446KB

MD5
b33902774ce0eded02b0cf1b54622736

SHA1
05c4ffb6b9b9ba8a56b7a3187b7d100ab20fe8d5

SHA256
8cabbd2ad374da8e58374c6915592d217966e7ea7e0d4038aa21a2d92a5a0612

SHA512
bb7b40d3907ec7d96ed2827067b9b727bf8cc660be21d8aa40267ed25c44bf06b54654af669c5a47dbb321b3d46275780c00fffbc15a7af0c5bee03bdc3d1988

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\NetFrameCheck.db

Filesize
9KB

MD5
b904e4cbc000118e822e0a3b42c082d0

SHA1
86774fa5e197af57686ac3d368470aa5169df669

SHA256
43a4c7c95e8c2222a0befa286609149ff97fbd0cea981796e78512d0afef523a

SHA512
a2e6e2f3faedbb5879dacf732fec81157bd1522ff00cbce9b2e10423781a7d022ef4ebe7b61f8bb0e20b74892b063f4499acb2e67a7182d06763a5ccfdbe32fb

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\RegisterAndLog.dll

Filesize
712KB

MD5
d74d4db2d54177bd84cf5980dbbb01bb

SHA1
19cf9786ce70b242175989d7ae32852424464f2a

SHA256
51a0fb801f13c0252bcfcfd67b0cd313bd0ca9217f5d1cac411c10c451d6d9c7

SHA512
d16fd92ba07d4f66ed038bfa86b699ac9427a787f12039d32e8e11df8df81467c7a43553c9383c82ed16bf687334059fca014d4cb2b4590ab16a504a87a1639a

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\Start.exe

Filesize
5.1MB

MD5
dfa52f31187371264763712e68b619e6

SHA1
57aa85253585a16c1a9e8952458cacc262208959

SHA256
3176365150fe53fb239533c9119e6f9cf527ef0386b0e7c68ce7e8db71b4b41b

SHA512
02d8922ab796b747520671c5b07e2377f248a047a2fad1ead2adff942013610a45bd5aa9942881d8808568db2ea3cbac11661810333c5437686dac05f2aa706f

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\Start.exe

Filesize
5.1MB

MD5
dfa52f31187371264763712e68b619e6

SHA1
57aa85253585a16c1a9e8952458cacc262208959

SHA256
3176365150fe53fb239533c9119e6f9cf527ef0386b0e7c68ce7e8db71b4b41b

SHA512
02d8922ab796b747520671c5b07e2377f248a047a2fad1ead2adff942013610a45bd5aa9942881d8808568db2ea3cbac11661810333c5437686dac05f2aa706f

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\TS.UI.dll

Filesize
354KB

MD5
0ce48582643a55635ad4c25945171022

SHA1
af9fa17211bec9c5ea6220459b4b822e275287e5

SHA256
6df571b5143af489864eb9fc562ba34501873ed18d0de149080309f7cace204d

SHA512
9638190d0b67a86948b61ff0bf4f168d0928f972a4232a3e7d39429c8d932c27e1c09d1cb3e9f2934b5407467c8532f0e32f570a99ac8a4ec8a6362d60a7706b

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\VCRUNTIME140.dll

Filesize
80KB

MD5
e79ef25890b214b13a7473e52330d0ec

SHA1
e47cbd0000a1f6132d74f5e767ad91973bd772d8

SHA256
7a114a9c1ca86e532d7f38e81c48f24ef2bfe6084f6056b3d4c3566ba43003d6

SHA512
dabed378fccfabc10486747fc70cf51a4fcc5b88f869c8a2fa4df30caa83a3af086c89e23806b7a291756da957a97c80a9b834a05e1d8ee7bd5c7159458c537a

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
00d8b4bed48a1bb8a0451b967a902977

SHA1
f10ef17bda66d7cab2840d7f89c6de022a7b3ff2

SHA256
568d7f8551d8b4199db3359d5145bc4cb01d6d2f1347547f47967eb06a45c3b5

SHA512
e248cbc06fc610f315d7efcadb39b5cb85dfe5d40858768d5aea8d41b3b4b23eafe0db2b38cce362fd8ba8bc5eb26e9b2dddc00e2e8615395bca818ecfe0decc

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
534483b0f4a1924b1ae6d7e66b4a4926

SHA1
4e954316acd216007f4a0225b138e0c0a04fbbed

SHA256
c1bca1bb524c5ae3d877a099f469b6fc34288bab26ae7a7f4fc47cd869f4958d

SHA512
cfad2ddf8a9ad67e36e978726d8a12ca26b180f73122b2e8d19a83f73028a050d9f418e7525f576cc3a9601b3369d4494dddbde620b4011b7ca8a7ec4b0d1b12

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
73483cbc229c62e129627adbf62b0ffe

SHA1
074ce67665c86355d3218b5e3ea4b1b335095af8

SHA256
13471eb84db95f8270398ef1deb29f0ea024db17e331497545c36eea7b2a3a7c

SHA512
92f06cb8971e29da7607c6b1d1377f21c7e6f0e4a169aaa08326038d5cdb09422b91f4f2d26a7978521e0edbb9cf1235e583f2910048c917ccef8d12c5e1166a

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
7016bf365a155d29f01a000942a017ef

SHA1
47e25b97af56edbdd20ca72bba994c6bcf1b81e6

SHA256
b5f815d0a41add7fd9593036a8e6843fcc221298fefd61808f960eed3cc19830

SHA512
2cd7e88717a2d81811ce03990737888b8a1e9e351dcdad401ffe5924bdf97be086bd766a1a5b25411b760cbf81b68bebd94d915100b6bc1310360813af11f827

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
9efdffac1d337807b52356413b04b97b

SHA1
2590bd486abce24312066285fa1c1feaf8332fe0

SHA256
e1a87d7d01e2376dde81a16658915ccf2ecb692739fef09adfb962523756e22d

SHA512
b3c164e50d48a78bd08cf365e02e263b97ec2dd3efcf04914c8677c838e10be23df5178a8618e3f2a6feb6faa2bb74eaf069e7e2db7c6e6fd9d0137dcffbcead

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
42c72d838c34e4e7164c578a930b8fc7

SHA1
82d02cb090eb6d81a1499189e4d3e6b82aa60061

SHA256
f1667bbda1b58fc688b422fd2f9f7040919c4ababe00a4be78b258cae2dfc3d3

SHA512
1020d6010dca512adbc18f44b6453a974a200766013c39f6cb1cd0a72234a241c73587c929f1d0fcadf90c3eb71264086167f05bd7ebceb5b944f4e4a0811d92

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
6a3d5701446f6635faff87014a836eee

SHA1
7bbc9db1c9ce70e9fc7b7348a2c96681e5d8265b

SHA256
16ba05a1fa928501ffaee2e9dce449d28e8fe538df5ec6d8d1080b610b15d466

SHA512
839a1277b6dbb9f2d6e572e1b50b0ad08c93256a1367f36997db07285aa7b251346499a643a985a22d9a7618635c11964e414073aa7e1bf60d36368829de8fb3

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
4ec243792d382305db59dc78b72d0a1e

SHA1
63b7285646c72ee640d34cdc200bfc5863db3563

SHA256
56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756

SHA512
88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\cloud

Filesize
252B

MD5
050a737737fe8f9a6e43ba77407f0933

SHA1
9e01784dd500b7c7dbb29c7f3bdec07b02639d47

SHA256
42c89ca84d86c500723412c7ed3d8ecf46f867818f432b8861c29bb630545d26

SHA512
d24cec647f6b134038bf1c3d0ed74431fb8e6ca1445a6751022f99d3342312c14f3494eae1fbdbf7123409907dc1ea7302a5b15033f8402a173bbdb4900f2d12

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\ucrtbase.DLL

Filesize
1.1MB

MD5
b9820b010d39c3f0d5ec277d54b37fbf

SHA1
b2f704ade582bd498224bd84dfd8ec5a4efc2fb1

SHA256
de3f497d6da0b5b8ce3785d4ea1e587c50f1cae356226ffa3416fa43ef8a8503

SHA512
abd3c0f7d733d2537df5aed4b1327aa8988b823bc654528f1b206cd5b454c57bd0d004092a90dbb20d7109a24591669d3602d9e28c435ec815dd21efaa8cb2b7

Download Submit
C:\Program Files (x86)\PassFab\PassFab 4WinKey\unins000.exe

Filesize
1.6MB

MD5
9bae65758973e5af2d1c1229b1516803

SHA1
109dc2a3bb1883d7f65aaae4b48c07fb55518df4

SHA256
98f777d6daa1fe63ef58a4f4dd47ff3d2471b37deefa1a3eeed1b6f427c00ab9

SHA512
8a2695a85a514685739584bf7ec4720df3d052aaabf25e0dd21c0c77ccfafe59a028e43b3ee36ccffdad0bdde4a20c506d1c6a33236a1f7aa6db8f620a34e4ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ea041f87923987948a62889dceb5fa9

SHA1
ad316913e935accad753602e9945fc96e19f0cc5

SHA256
c4d806e9229869c3771217d03bbf94daa84f3253713eec3f68f250357a27f0ca

SHA512
bcd1a4603deaedf9a37fd5c5bb1c70552081b5fe732017e309ed89adcf600780661f93522ce7f9d08b0160316a8ff5270a0648116b152789b190fe229ad221de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79250ddf7070cd01778539038c7ef98c

SHA1
900019c2dc06d6e0a4fdd939dedc828cee1e0bc6

SHA256
87fb42c7964e95afc725409eb3a32824e11fcc0e9c7c16d17948cdccf282e084

SHA512
74fa54bc1242712bb4b9a711ed3cb56c163e69a85dee2f143d218e47dda7319aee32137bb1515c3f3ae74e4c64c792e676de1bc4a745d3b3cea3f42b0b7d9206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b899a8ec75e141cb09911f1d3a4be15

SHA1
2b5dc6f2709a4377c727d85759d1436da6b64785

SHA256
710de99ef9142b90a673a86ac1e49b64bd1c2e81b322fd5f0cc8710378c8c613

SHA512
383f24ab6ea560fda80a0ed8d30b81bf77d3484a5719592aa32100ba090b521a43394cb8fa37d3d824e8a06fbf93a7ab929f63ebc50daaf9c9f6974727aa69b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abbddbe95b49d5d48cdeb1cb6db4973f

SHA1
45c7f9592e458ae5b33f48a6dbd59916b7c478fb

SHA256
8580643797b82e9905a45919af96fdf1321c140e97ec16892a7e7ce7196ac3c0

SHA512
08264d5424f33e2f366d33ad718c6b199faead284133756ac8255496f3bcfe4d2dae1c00ee0c3af64e8d224595232b9114bc640c4e4c8d89c889f7c49c3c8087

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5275e84b15ee2dd30f132926a2eb765c

SHA1
663dcaf5454e242beb11388df2e8312d4f376b41

SHA256
c75c8007724f4da43c264e8291ceff97d143830efc6fe1b0c792eb2f82706aa5

SHA512
d5c8e340dc4979145ea110102b3af4c5182cce079eff32fc492bb09019f7f8261bf383fb59b88bb8c85e7b8f98c15c20bb625b39ce2c19eada2c7570baf71b88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaa0852c11ddf19ecd470b7beaa0bb4b

SHA1
e2847032dfca9b676602840f07bd9951c69fd93e

SHA256
0fbffa3936353bf4c2df413a161ba9df87b921ef08890e46659b71b807925aa2

SHA512
a0a3e51c23903ebff06c2478ae50fcfa3ba29ffc8bbd8ea13a253c989f1ee2ac8d6749c77e6bb42296a31da7245b1d1bb4fcd87125fecc4919a50fb95afce7f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
719b2643ef80ab64bd5ceddbbc983a33

SHA1
267f85b8730c34405777f45463f76c2d68150b4b

SHA256
81d602064c15c46b3b87ad375ae6d52f06bd9108b6fc7643b472183b10ba23f7

SHA512
d8194a38247ddb141e53624f413f03cafe5dac1952ecaad6f6b78184742b471e6d40ccd52737769ecd05d1f5596702ca84abf3c8561d3b078fd7d0e6d5b516b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a68a7b6bf63ba6aee331b544145ffbd7

SHA1
a5094fbe0bbad6e839b6f849d55b501292096a51

SHA256
c890669eb788c80f03267bb1dedc2bd588a9f78097c08517caf9a3e7aede5d2f

SHA512
5893a8aa01834854734ecd3dea332a78eb8f2b0238fc86a9a586ce5542d51e66ea57c32eeccd22563d7fe702a8bcb4452953f230d63dde0a593c1801372fbf17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad264fd31f8e67563014fdad5b836a20

SHA1
ac1c4dfba4bbcace7eee3f506a21158885bf82b3

SHA256
ff9903904771441f241743c951cf38e9b49ef39cfc88a9447deedf7835574084

SHA512
91d2824336556dd2e442c2129e2e77896b4ccb893f7a5b5ad69fdea67dafac22c582a2edc89c91bac93ce2c72ecc1d2317413050a4391f962de0ccc1e3723a06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
751ca9a118ed7c878eb2e95d780231d8

SHA1
d65016a26ecbd42cadc6c8e3e2b22c1880b29cf0

SHA256
ae3d466d26feb97c2544012a06c4b14cd0eed060dd588aa0f610471cde6f0176

SHA512
604605493cdd1d31d9c3ee2fc40e5c029a0fe925a2fef81e80e4d8401c34d9986d513e56ef7bdbada76d89b2745ea4ab70bbae2e85502ed52ed07718f9db44c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55d4400a315dbaf37f5e510f6720801b

SHA1
f6da4b5b0ef2bdb88628b7416bdcad723209043b

SHA256
41ba59ec6bc7484bf5f160f6d688d1a20ff24ee0e2e2773d3b0e5b8be9ac5590

SHA512
a1d574c902677879015ee7adf388402cbabde78ec65423f442871f70998162ba63270adf43fc0c5435550b853a05e25cf16fac05615d13090eb9060265e3b805

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9f590c582f34151e3d159dc2d74e7fa

SHA1
0142d6dc7962dc4d65d6284a9951ddc57e9b48a9

SHA256
baf1c10467d5716a229158f8262d1bd618b93f19632cb92efffedd6c122cf26a

SHA512
3d04e96cc823d0c914ac2cac08da0919a4b75f2e220679108efcdc9724c53e6bbac8413b61457897d2600183227e679aa1afcca307bb9cb2d9ec9ede4f17cbf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dea3800c07d90006dd478ab0a8ed1d14

SHA1
759dba07a6e5eeb07ecc935f00aee06f857663cf

SHA256
6bde36367c258358112a6a49285aac16f0193bfb13ad9c3cc35f3f88f9a5534b

SHA512
97b88972cf9f61b9c89e155955d341a36cab71b9503a1c1f60f306bdebf293889424767254c9af915dcd5afc1e9bd8f8d8efd39eab08d057255c4f10db2028cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bca45d8be5bf02226a0d7ce2bbf8092d

SHA1
c5b11981f3d77c53d23769763b84211a9f6fb129

SHA256
827cc25243d254837763131eeff71a217ddeb650f6c640d328bbbd7e33e7a7b7

SHA512
fbdaafda771a307b08c6e42a45893844ac9a07b74035d2a85de17c483f5c0241c689aaf5392f5f369dcdb16c6d2427fab865d2b7348cc4ce81b60dfc128d363e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d67ac2e711d4ec0ee4592308005ebce8

SHA1
f91359bad46da09cb64f8ae173235bcdccc42eeb

SHA256
c9972fc49b80fb7b212d643186a791230b46675c0b4e34dbe3455fb52ea891ea

SHA512
f25b13bc253afea929a1a1bbf519ddff9a019551a05224aa6c9ba25caeda9cad737003306e89d9a18ef8c3cd409ca4f98009841326e868dea18187aecf186cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00d4283e004bc9985fcc4bc34a8176bd

SHA1
ccb119c791594ca5916ed3abd0efd5efa5669cc1

SHA256
8264f119dbfbb4b3476b3318a6bd94d2ff7fe342a6d5fa7f935a118434ca43c3

SHA512
b45c3aced7fe68c6724d65ac000a586760e7d79e1a9cdbbf7017db30b57e05d75d3f6b1acf01b19230b18673bea94c419c199ef66b0d53e68222658c7169cafd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8073de71f9522986a51e6bf71503b611

SHA1
9270dcf3d0dac5cbbcae82ce4152822d3fc3a405

SHA256
8f8bd5e5f17909565f6db702874bff47c695a81417292794dd79c4145e1fc698

SHA512
9588f4685ac9d7231b7763ff5224d3352edfabd639c10dd38f86a54291cce0550a5e43bd83a004dbec38090a42514eb7e4d452ecf64e1f8b2e24a67124a71845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffee1d6ebf5bc940b423dee4af86687c

SHA1
5d7245fcc8ce76b8c51d4598b8070aa9e2ea0c4a

SHA256
47935780c637adec5ec11676d7b7d6a81083bbcbcfd083cdb1988e872f914e65

SHA512
899007fde5b7e01edc5220c57cd423b31d0444e7eca59e54c7ac20b6e102949cb870441554aa8d2d3fed41c9aa6fa9ec28fd233a1e85fca29f540cd76c3166a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a74f3e95ced73d7e8ecfb7bd0eb352b

SHA1
2f098ff7c178fb18c86c229280d74b4b9cec9914

SHA256
7086c4ea1fc10c20ae74241ac847ddd657ee34189b969933860539802d5dac15

SHA512
4e9f0ccac465af37acede199925efdf23b9e11dbe09261a1a658f97a8b6760d510855cc94af6b6fe2500e93543cc9961569d3b59bd53344c839cd7b3e435e6f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dfad4b069b13b40a406edf52d4fbc73

SHA1
67a11740707a635a2ccbaa167477937821135792

SHA256
51bb2463dfb9bc1edbc753579155728b4bce51b3a1795db4800679ea7d616eff

SHA512
762a501042272c1add14add23a3fdf151db61b7e13f319c7b6e7c77f31f8913b69f9ebcadc16efaa9dba3bf51596c6284afb6bba3833a6564fea08bef3fdc5f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9c9a8d09bbd94504103ce799ce343c8

SHA1
0fc7e5835175a495ddc38682bea102b15e07d0b8

SHA256
ca77dc49bcfa6f2bff5c55a7eb5c55e13d81dc405c7b9cd2e571f9f1966d7ecb

SHA512
c0ab3cc952e1a446bc7daa6fbf2f46a3aa5e177342e6f850ce3784e2a43b0f59152f7966ca75b0a85a085b20d8000dcb6bc0b778703945b6dffb98e631a02a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b42ad687ea9113224ef7eb4716f4477

SHA1
27870a4d644c6dc0ba279573bec7cdd5b9c4f764

SHA256
50f340a210dee61941d33472e4fa7310013b5dd9117153d02dc2d8483965d062

SHA512
b1ce958af20585064fdfd61f3ac2891ef88f8c6532ff9f1314cf88c3977fd1b4140222fb0508e030fc0f64876528b81084f0cfb198aa8c707f8bb0a15f6730b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67866873ab96dc1b1f9922ea34b6c252

SHA1
414a06c26c4252718e6b16706319dc51ff5e0b5c

SHA256
622feab69aeaad022c9d87141373aa2c8f3c8c8d90e15f204f195bbc6e1b55f0

SHA512
d64d52817433f9927536d79c2ab42b40c763dc297a0157a18b7ef305a27d9d1ff31de45d63027dd1380c281373352f65ac51937dd2c4be12a6105ae061bbd655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32475c1b83a080a4ca410e184c8cfbc8

SHA1
942aaab32fd626ad7806d636e626e96624cd6f1c

SHA256
13cadf28205b5ebba088f249cbab4804a88fe1fe9291dddcd336bdd8da1d478d

SHA512
ac3c9e41407e6d89e5e0d276598cee83544150fede9ce4587e81216f3937e92dbb3775f5e5b7d03d170fb2ee50989542730213e06a69cde398b54c98edf18608

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbc2f449996ac8d8d73ab67f1db9f947

SHA1
e07d3b6be62e5b14e07d5d73774e01bd619e95cf

SHA256
2e3b288a63e0f1147bee03e590321673a6ae16e270db5e9c944cb1798864720b

SHA512
c198f9201fa6882a3fba6fa4bf1d0e687b4f8990466951bb369cc1c5e1682b2d9bd51bd1064567d9f886bb0d8970f4f17377353cd087b243351ab2eb82e47822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1df120c5098ad70df05e589e04934911

SHA1
a764d2b5453ae634d0913f2eb953f4bdb6d92b47

SHA256
9381dff9185ee264c0e1ccdb8b9fbf034e0b5b52424faa763a5e47d1a010d166

SHA512
f01242cb0cc1fc84e71dda2762d219a127faca9df14bcccffeb6c1c9a92b2de55e1ca1a9343e3f43a7933596d047ee6bb971686d14a970a22ab873ea1c482b58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
815c59277d2d043e4c6df12b2ddb4f85

SHA1
6cef167400edd9a1030441bde1fa1042e2ecf7a2

SHA256
d0dcb613ec522ec77f238e1c85bf89b99c5083402d27c61f8680f0ebb7fd79df

SHA512
1359c7de469a5890ac70f8c31c087c511720d3c0c03865b6d828afca0b0345c6eecaf3e4b44842ab47f4fa49353156954ee010c6654eab3bc01291a5a1a6780f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb71dff117fedf20542e09ffa5ff1c99

SHA1
cc94d3949550859e3895a82eb841a1526edf326e

SHA256
45aae294873cd421bed24c0bb26e54a89bb6fd517edb9689641654375ccf2a0f

SHA512
003257ce09eb8f75adef8bfc003cc10843e6cc69f18b06bbe52f371efabcf2cfda10aa66e8c382780006a3393fa49a7ff40a13cbcbd16282991a468ad8750a06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee35673d1e52e1939c394dc62ed0fc58

SHA1
ed71c35b2dfe29ed8b587cec1500e7554c5f1d72

SHA256
6b6f5740687fe3336a990cd3922d859d013d2c7185f2bc812a2e0efd2bcc78b9

SHA512
5dbc10e5f1d756fe57a549db405308dce00c17b194b8d06d03d306d40a032517bad9dd8acdbf99467d62a16893d916c414f4235b5fd7ea7530ffd964a91a61a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da3817fa3a09a5cd304482b7876c4b83

SHA1
df0e7f02cd9b7c952d5876d15f3c7586394fa546

SHA256
5eae23142f8ea3e480abb0f9911daae66a738ce9ce0032d324950383950c9d6a

SHA512
d6b4850d3ded3f5eb90b0182839291244e9ae52d12ab86e5efbad7d10e53663d56804350f56014b273ea877009eb63115d4334faed19e09343d704cd1bdffd4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69ccab91b2c88bf2af64ce529658b1d7

SHA1
8f9cee743089b2ef2323eb7179bfde8787903c21

SHA256
eefc97f92823453503e741d81b54343738dcd49f7f4919178fd0e7f36fa62192

SHA512
78cfcb2ca4eaad57b095731c5328ffdc8bd77e19e05e36212c5353c3d5fc75287d46b90d9a797d5cace85a4092989d3172d1227f3f0ce6199135de666e192b45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b675c482e7fb23fd87af9ec9901d2a6c

SHA1
717f8f5a15688dd932c41c7b07ca36a8d86c0bda

SHA256
6d8f4bae21e3c2f7e8552e3556ebbe0c61ca7a9b2fbdcdb3e211b5e96dd115db

SHA512
94b8a0db332920f58d337c1b60841b709f82d684f6e22acedf535b8ccbaf0465140b70cf2d948268a78b599fe9742b44d995d772cac936454c44e741d67d2e9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
7f921e671837eb7e8b27323333859b14

SHA1
4ece4c658b24fb85290d4528d7a2f52ae1d7ff86

SHA256
76830bffacdfde98f04549800cf540da12c8dbfac3c7802dfefe51956e45c18e

SHA512
d84b654be8b839f3994ce993ad5664a3eb5ea8274cb7888b5981d4437175f9813afbf60906cbfbc7b4648b664bf128b1f2e445782516cd4fb0d966675ea0ef40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLYAY9GR\rn-ui-passfab-1.0.0.min[1].css

Filesize
113KB

MD5
7e6078d829dbaa1d4c7336e13b8388c1

SHA1
4a178f9a7b2ce6bbb24825b9ec9fa17517229e4a

SHA256
a30ea83046f0d8a9f5984f6bd6bd3be7e3d943d80885403fc40f74367c01b376

SHA512
cbc0d30acbdd250493753835afff831951d8ab176f1adb4f4ae7f0ff459a93227c8fa346563700b069626516379e4214ee676aae8583604673767b022f7da608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPQI3YTS\logo[1].ico

Filesize
3KB

MD5
87bfe0333eb7f59dd705a455f7fd8634

SHA1
70dbdf428f8429b38dbcc2b434989bdf12aa0bb0

SHA256
4321cb31da7daa87d28858a1dcdf688bd335d82633e19ee8802336b759e5b6db

SHA512
8e6ae11164c71768014ed01447318db15ea9a2b617f3a2ca85b08e2cf33c8383b394a6a8063c99ae9611d1a36907069a508cdefa56169a85590652e61212d366

Download Submit
C:\Users\Admin\AppData\Local\Temp\4winkey_pf\4winkey_pf_8.0.4.exe

Filesize
26.0MB

MD5
d5b46c097fc7e2603fcc2d54a2dea79b

SHA1
458c279e4d36fb22daaac530bf8049144fa9ffb8

SHA256
2578a2aa3bdb4a47abaf443860f75ba4779d2e2d57f0b97414f98f6d5b3c6f53

SHA512
a24a27d58bba4439cdb374d865e29df72f84c099cc83a20bf3e557f25ed81f8d64cdcade17e59f24311e76a68ee2a67ddd3aa06a6ed3b69c5280c69b68066563

Download Submit
C:\Users\Admin\AppData\Local\Temp\4winkey_pf\4winkey_pf_8.0.4.exe

Filesize
26.0MB

MD5
d5b46c097fc7e2603fcc2d54a2dea79b

SHA1
458c279e4d36fb22daaac530bf8049144fa9ffb8

SHA256
2578a2aa3bdb4a47abaf443860f75ba4779d2e2d57f0b97414f98f6d5b3c6f53

SHA512
a24a27d58bba4439cdb374d865e29df72f84c099cc83a20bf3e557f25ed81f8d64cdcade17e59f24311e76a68ee2a67ddd3aa06a6ed3b69c5280c69b68066563

Download Submit
C:\Users\Admin\AppData\Local\Temp\4winkey_pf\4winkey_pf_8.0.4.exe

Filesize
26.0MB

MD5
d5b46c097fc7e2603fcc2d54a2dea79b

SHA1
458c279e4d36fb22daaac530bf8049144fa9ffb8

SHA256
2578a2aa3bdb4a47abaf443860f75ba4779d2e2d57f0b97414f98f6d5b3c6f53

SHA512
a24a27d58bba4439cdb374d865e29df72f84c099cc83a20bf3e557f25ed81f8d64cdcade17e59f24311e76a68ee2a67ddd3aa06a6ed3b69c5280c69b68066563

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3DCE.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E10.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O7LTS.tmp\4winkey_pf_8.0.4.tmp

Filesize
1.6MB

MD5
9bae65758973e5af2d1c1229b1516803

SHA1
109dc2a3bb1883d7f65aaae4b48c07fb55518df4

SHA256
98f777d6daa1fe63ef58a4f4dd47ff3d2471b37deefa1a3eeed1b6f427c00ab9

SHA512
8a2695a85a514685739584bf7ec4720df3d052aaabf25e0dd21c0c77ccfafe59a028e43b3ee36ccffdad0bdde4a20c506d1c6a33236a1f7aa6db8f620a34e4ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-O7LTS.tmp\4winkey_pf_8.0.4.tmp

Filesize
1.6MB

MD5
9bae65758973e5af2d1c1229b1516803

SHA1
109dc2a3bb1883d7f65aaae4b48c07fb55518df4

SHA256
98f777d6daa1fe63ef58a4f4dd47ff3d2471b37deefa1a3eeed1b6f427c00ab9

SHA512
8a2695a85a514685739584bf7ec4720df3d052aaabf25e0dd21c0c77ccfafe59a028e43b3ee36ccffdad0bdde4a20c506d1c6a33236a1f7aa6db8f620a34e4ca

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\4WinKey.exe

Filesize
10.0MB

MD5
b8d977d1caaa14cfc6cd464410430b34

SHA1
0d70e169de28fbf48df9d53da72f840a2b070cd9

SHA256
18a43b740c89ccdaa96f4ccf93a31c8866b469fa0c1905af242e015c6e1d0929

SHA512
43ca03833bf724743e68106ff5a2b4032ccb896684be16a1aba1ffa31f663325e0af1d4923575307f0bd84e7011cb87861e31ef35f2c325b41aa1ec1b39559f5

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\AppService.dll

Filesize
116KB

MD5
cb5ff832288c9e3f075ee3cfff722123

SHA1
94b422e72c28a795e085175b2d0e8bf9f8a23a60

SHA256
aa872261c2331edc2fc76407c5ad367d26cc0e968d0d5a931ed48c3adb1d76ea

SHA512
0290d9a3dcc7733c7a36fe435a2e62e5141ab09d18e39e310d002bc0127aae3ed9692f2cbe3f7fe52a166c2c944577310be2a29be8374cfed5702c3233149543

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\AppService.dll

Filesize
116KB

MD5
cb5ff832288c9e3f075ee3cfff722123

SHA1
94b422e72c28a795e085175b2d0e8bf9f8a23a60

SHA256
aa872261c2331edc2fc76407c5ad367d26cc0e968d0d5a931ed48c3adb1d76ea

SHA512
0290d9a3dcc7733c7a36fe435a2e62e5141ab09d18e39e310d002bc0127aae3ed9692f2cbe3f7fe52a166c2c944577310be2a29be8374cfed5702c3233149543

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\RegisterAndLog.dll

Filesize
712KB

MD5
d74d4db2d54177bd84cf5980dbbb01bb

SHA1
19cf9786ce70b242175989d7ae32852424464f2a

SHA256
51a0fb801f13c0252bcfcfd67b0cd313bd0ca9217f5d1cac411c10c451d6d9c7

SHA512
d16fd92ba07d4f66ed038bfa86b699ac9427a787f12039d32e8e11df8df81467c7a43553c9383c82ed16bf687334059fca014d4cb2b4590ab16a504a87a1639a

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\RegisterAndLog.dll

Filesize
712KB

MD5
d74d4db2d54177bd84cf5980dbbb01bb

SHA1
19cf9786ce70b242175989d7ae32852424464f2a

SHA256
51a0fb801f13c0252bcfcfd67b0cd313bd0ca9217f5d1cac411c10c451d6d9c7

SHA512
d16fd92ba07d4f66ed038bfa86b699ac9427a787f12039d32e8e11df8df81467c7a43553c9383c82ed16bf687334059fca014d4cb2b4590ab16a504a87a1639a

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\RegisterAndLog.dll

Filesize
712KB

MD5
d74d4db2d54177bd84cf5980dbbb01bb

SHA1
19cf9786ce70b242175989d7ae32852424464f2a

SHA256
51a0fb801f13c0252bcfcfd67b0cd313bd0ca9217f5d1cac411c10c451d6d9c7

SHA512
d16fd92ba07d4f66ed038bfa86b699ac9427a787f12039d32e8e11df8df81467c7a43553c9383c82ed16bf687334059fca014d4cb2b4590ab16a504a87a1639a

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\Start.exe

Filesize
5.1MB

MD5
dfa52f31187371264763712e68b619e6

SHA1
57aa85253585a16c1a9e8952458cacc262208959

SHA256
3176365150fe53fb239533c9119e6f9cf527ef0386b0e7c68ce7e8db71b4b41b

SHA512
02d8922ab796b747520671c5b07e2377f248a047a2fad1ead2adff942013610a45bd5aa9942881d8808568db2ea3cbac11661810333c5437686dac05f2aa706f

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\Start.exe

Filesize
5.1MB

MD5
dfa52f31187371264763712e68b619e6

SHA1
57aa85253585a16c1a9e8952458cacc262208959

SHA256
3176365150fe53fb239533c9119e6f9cf527ef0386b0e7c68ce7e8db71b4b41b

SHA512
02d8922ab796b747520671c5b07e2377f248a047a2fad1ead2adff942013610a45bd5aa9942881d8808568db2ea3cbac11661810333c5437686dac05f2aa706f

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\TS.UI.dll

Filesize
354KB

MD5
0ce48582643a55635ad4c25945171022

SHA1
af9fa17211bec9c5ea6220459b4b822e275287e5

SHA256
6df571b5143af489864eb9fc562ba34501873ed18d0de149080309f7cace204d

SHA512
9638190d0b67a86948b61ff0bf4f168d0928f972a4232a3e7d39429c8d932c27e1c09d1cb3e9f2934b5407467c8532f0e32f570a99ac8a4ec8a6362d60a7706b

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\TS.UI.dll

Filesize
354KB

MD5
0ce48582643a55635ad4c25945171022

SHA1
af9fa17211bec9c5ea6220459b4b822e275287e5

SHA256
6df571b5143af489864eb9fc562ba34501873ed18d0de149080309f7cace204d

SHA512
9638190d0b67a86948b61ff0bf4f168d0928f972a4232a3e7d39429c8d932c27e1c09d1cb3e9f2934b5407467c8532f0e32f570a99ac8a4ec8a6362d60a7706b

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
00d8b4bed48a1bb8a0451b967a902977

SHA1
f10ef17bda66d7cab2840d7f89c6de022a7b3ff2

SHA256
568d7f8551d8b4199db3359d5145bc4cb01d6d2f1347547f47967eb06a45c3b5

SHA512
e248cbc06fc610f315d7efcadb39b5cb85dfe5d40858768d5aea8d41b3b4b23eafe0db2b38cce362fd8ba8bc5eb26e9b2dddc00e2e8615395bca818ecfe0decc

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
534483b0f4a1924b1ae6d7e66b4a4926

SHA1
4e954316acd216007f4a0225b138e0c0a04fbbed

SHA256
c1bca1bb524c5ae3d877a099f469b6fc34288bab26ae7a7f4fc47cd869f4958d

SHA512
cfad2ddf8a9ad67e36e978726d8a12ca26b180f73122b2e8d19a83f73028a050d9f418e7525f576cc3a9601b3369d4494dddbde620b4011b7ca8a7ec4b0d1b12

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
73483cbc229c62e129627adbf62b0ffe

SHA1
074ce67665c86355d3218b5e3ea4b1b335095af8

SHA256
13471eb84db95f8270398ef1deb29f0ea024db17e331497545c36eea7b2a3a7c

SHA512
92f06cb8971e29da7607c6b1d1377f21c7e6f0e4a169aaa08326038d5cdb09422b91f4f2d26a7978521e0edbb9cf1235e583f2910048c917ccef8d12c5e1166a

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
7016bf365a155d29f01a000942a017ef

SHA1
47e25b97af56edbdd20ca72bba994c6bcf1b81e6

SHA256
b5f815d0a41add7fd9593036a8e6843fcc221298fefd61808f960eed3cc19830

SHA512
2cd7e88717a2d81811ce03990737888b8a1e9e351dcdad401ffe5924bdf97be086bd766a1a5b25411b760cbf81b68bebd94d915100b6bc1310360813af11f827

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
9efdffac1d337807b52356413b04b97b

SHA1
2590bd486abce24312066285fa1c1feaf8332fe0

SHA256
e1a87d7d01e2376dde81a16658915ccf2ecb692739fef09adfb962523756e22d

SHA512
b3c164e50d48a78bd08cf365e02e263b97ec2dd3efcf04914c8677c838e10be23df5178a8618e3f2a6feb6faa2bb74eaf069e7e2db7c6e6fd9d0137dcffbcead

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
42c72d838c34e4e7164c578a930b8fc7

SHA1
82d02cb090eb6d81a1499189e4d3e6b82aa60061

SHA256
f1667bbda1b58fc688b422fd2f9f7040919c4ababe00a4be78b258cae2dfc3d3

SHA512
1020d6010dca512adbc18f44b6453a974a200766013c39f6cb1cd0a72234a241c73587c929f1d0fcadf90c3eb71264086167f05bd7ebceb5b944f4e4a0811d92

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
5c6fd1c6a5e69313a853a224e18a7fac

SHA1
10bae352f09b214edef2dc6adcb364c45fafdbec

SHA256
3aa0eb4c47ac94b911f1a440324d26eee8ddf99557a718f0905bfee3cf56255f

SHA512
08c2b1150f6bf505d10085a515bbfab6c1e18663c6ef75ec988727e3d30210532d03bfbfbb048b1a843d4faa5d1060f9079e018a9e892bce03f899a5a85f6034

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
6a3d5701446f6635faff87014a836eee

SHA1
7bbc9db1c9ce70e9fc7b7348a2c96681e5d8265b

SHA256
16ba05a1fa928501ffaee2e9dce449d28e8fe538df5ec6d8d1080b610b15d466

SHA512
839a1277b6dbb9f2d6e572e1b50b0ad08c93256a1367f36997db07285aa7b251346499a643a985a22d9a7618635c11964e414073aa7e1bf60d36368829de8fb3

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
4ec243792d382305db59dc78b72d0a1e

SHA1
63b7285646c72ee640d34cdc200bfc5863db3563

SHA256
56e0bdf91edb21f5f5041f052723025c059a11360bb745f965a9903de9c61756

SHA512
88f648d45927db65ff8cead4bb1959b1297410bf3f5b3b2783a173d708649260a61470342694de8b93e9c1657de64db43db40ee71acc661b03786c0921d68d4b

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
a51cfb8cf618571215eeba7095733b25

SHA1
db4215890757c7c105a8001b41ae19ce1a5d3558

SHA256
6501894e68a3871962731282a2e70614023ec3f63f600f933ec1785400716ce1

SHA512
9ae11ab21486dea1aba607a4262f62678c5b0e9f62b6a63c76cfdc7698d872d8696ffb1aaae7aa2e2cf02c1c7eaa53d0ce503432960f4be6886fae0de2659535

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
8d097aa5bec8bdb5df8f39e0db30397c

SHA1
56f6da8703f8cdd4a8e4a170d1a6c0d3f2035158

SHA256
42c235914844ce5d1bb64002fca34a776ae25ee658fc2b7b9da3291e5def7d4d

SHA512
a891536e2a362fc73472fa7f5266ce29e8036959701bc0862f2b7ea5865dcd1505615edc8e064fb2f7aaa1b129e48422efe7b933b01faed9c2afadd8a64452dc

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
ab87bdae2f62e32a533f89cd362d081c

SHA1
40311859dd042a7e392877364568aad892792ba9

SHA256
0439703e47c8fce1f367f9e36248a738db6abcd9f2dd199cb190d5e59ed46978

SHA512
dbe0073da8979f3d32204680015b60435226840e732b5df964dbeeb7920c0bc5df92d866964f905518c97cc3539f628664503ffa64e50a2ef90c459b62555444

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
19KB

MD5
169e20a74258b182d2cdc76f1ae77fc5

SHA1
fce3f718e6de505ac910cb7333a03a2c6544f654

SHA256
224f526871c961615de17b5d7f7bbef2f3a799055cab2c8e3447b43c10c25372

SHA512
0881c8704421a5f6e51abd22c55608dd7fb678491682ce86066e068b1973ebf11d6c2163be610a49f87e800c8563ebb41abfe36e1913d7d0b8485fd29ed81bf7

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
49363f3cf4671baa6be1abd03033542f

SHA1
e58902a82df86adf16f44ebdc558b92ad214a979

SHA256
505d2bde0d4d7cd3900a9c795cb84ab9c05208d6e5132749ab7c554ccd3c0fcc

SHA512
98e78a607cfbb777237dc812f468ec7a1abcba9472e20a5780dfc526f7992da1841fcd9e2f76f20fa161240007f185c7fbdc120fb4c3c1f2b90fdad5913d65dd

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
be16965acc8b0ce3a8a7c42d09329577

SHA1
6ac0f1e759781c7e5342b20f2a200a6aab66535e

SHA256
fcd55331cc1f0ff4fb44c9590a9fb8f891b161147a6947ce48b88bf708786c21

SHA512
7ba55fa204d43c15aca02031f584b3396bb175365dad88e4047b8a991f1f1ddd88d769e4d8cb93ee0ed45e060a1156e953df794f9cb8bb687c84c4a088da2edf

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
3eae6d370f2623b37ec39c521d1f1461

SHA1
86d43e2e69b2066333e4afa28a27c7a74ff89991

SHA256
ce74bdc6999d084a1b44b2ecea42dd28849b2825d7779effdc4c18360308b79b

SHA512
30b2b6cf5cd1bbdf68de048e6d992133fe7ab0c847fa0d5eb8c681a9688d60794621a40178451a104036a0fff2e1bd66a18d9f96be6b28dbdc0bc1c8a535fc85

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
a440776e10098f3a8ef1c5eaca72958e

SHA1
7b8662714f6e44fb29a4224a038e4127964003e9

SHA256
40d8bc312ac7bca072703e5f0852228cde418f89ba9ad69551aa7a80a2b30316

SHA512
b043cd020d184a239510b2607c94210dc5fdc5d2a2b9285836bdce8934cc86a1cc3f47a2f520b15db84f755ac2e7c67e0247099648d292bbd5fb76f683d928df

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\msvcp140.dll

Filesize
446KB

MD5
b33902774ce0eded02b0cf1b54622736

SHA1
05c4ffb6b9b9ba8a56b7a3187b7d100ab20fe8d5

SHA256
8cabbd2ad374da8e58374c6915592d217966e7ea7e0d4038aa21a2d92a5a0612

SHA512
bb7b40d3907ec7d96ed2827067b9b727bf8cc660be21d8aa40267ed25c44bf06b54654af669c5a47dbb321b3d46275780c00fffbc15a7af0c5bee03bdc3d1988

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\ucrtbase.dll

Filesize
1.1MB

MD5
b9820b010d39c3f0d5ec277d54b37fbf

SHA1
b2f704ade582bd498224bd84dfd8ec5a4efc2fb1

SHA256
de3f497d6da0b5b8ce3785d4ea1e587c50f1cae356226ffa3416fa43ef8a8503

SHA512
abd3c0f7d733d2537df5aed4b1327aa8988b823bc654528f1b206cd5b454c57bd0d004092a90dbb20d7109a24591669d3602d9e28c435ec815dd21efaa8cb2b7

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\unins000.exe

Filesize
1.6MB

MD5
9bae65758973e5af2d1c1229b1516803

SHA1
109dc2a3bb1883d7f65aaae4b48c07fb55518df4

SHA256
98f777d6daa1fe63ef58a4f4dd47ff3d2471b37deefa1a3eeed1b6f427c00ab9

SHA512
8a2695a85a514685739584bf7ec4720df3d052aaabf25e0dd21c0c77ccfafe59a028e43b3ee36ccffdad0bdde4a20c506d1c6a33236a1f7aa6db8f620a34e4ca

Download Submit
\Program Files (x86)\PassFab\PassFab 4WinKey\vcruntime140.dll

Filesize
80KB

MD5
e79ef25890b214b13a7473e52330d0ec

SHA1
e47cbd0000a1f6132d74f5e767ad91973bd772d8

SHA256
7a114a9c1ca86e532d7f38e81c48f24ef2bfe6084f6056b3d4c3566ba43003d6

SHA512
dabed378fccfabc10486747fc70cf51a4fcc5b88f869c8a2fa4df30caa83a3af086c89e23806b7a291756da957a97c80a9b834a05e1d8ee7bd5c7159458c537a

Download Submit
\Users\Admin\AppData\Local\Temp\4winkey_pf\4winkey_pf_8.0.4.exe

Filesize
26.0MB

MD5
d5b46c097fc7e2603fcc2d54a2dea79b

SHA1
458c279e4d36fb22daaac530bf8049144fa9ffb8

SHA256
2578a2aa3bdb4a47abaf443860f75ba4779d2e2d57f0b97414f98f6d5b3c6f53

SHA512
a24a27d58bba4439cdb374d865e29df72f84c099cc83a20bf3e557f25ed81f8d64cdcade17e59f24311e76a68ee2a67ddd3aa06a6ed3b69c5280c69b68066563

Download Submit
\Users\Admin\AppData\Local\Temp\is-O7LTS.tmp\4winkey_pf_8.0.4.tmp

Filesize
1.6MB

MD5
9bae65758973e5af2d1c1229b1516803

SHA1
109dc2a3bb1883d7f65aaae4b48c07fb55518df4

SHA256
98f777d6daa1fe63ef58a4f4dd47ff3d2471b37deefa1a3eeed1b6f427c00ab9

SHA512
8a2695a85a514685739584bf7ec4720df3d052aaabf25e0dd21c0c77ccfafe59a028e43b3ee36ccffdad0bdde4a20c506d1c6a33236a1f7aa6db8f620a34e4ca

Download Submit
memory/1244-695-0x0000000005750000-0x0000000005770000-memory.dmp

Filesize
128KB

Download
memory/1244-678-0x0000000011FA0000-0x0000000012035000-memory.dmp

Filesize
596KB

Download
memory/1244-713-0x00000000064B0000-0x00000000064B1000-memory.dmp

Filesize
4KB

Download
memory/1244-669-0x0000000000F10000-0x0000000000F11000-memory.dmp

Filesize
4KB

Download
memory/1244-618-0x0000000000BA0000-0x0000000000BC2000-memory.dmp

Filesize
136KB

Download
memory/1244-670-0x0000000000F10000-0x0000000000F11000-memory.dmp

Filesize
4KB

Download
memory/1244-707-0x0000000005F40000-0x0000000005F94000-memory.dmp

Filesize
336KB

Download
memory/1244-705-0x0000000005970000-0x000000000597A000-memory.dmp

Filesize
40KB

Download
memory/1244-622-0x0000000000BD0000-0x0000000000C2A000-memory.dmp

Filesize
360KB

Download
memory/1244-706-0x0000000005970000-0x000000000597A000-memory.dmp

Filesize
40KB

Download
memory/1244-626-0x0000000004D90000-0x0000000004E41000-memory.dmp

Filesize
708KB

Download
memory/1244-614-0x000000000A770000-0x000000000B18E000-memory.dmp

Filesize
10.1MB

Download
memory/1244-696-0x00000000058F0000-0x000000000591A000-memory.dmp

Filesize
168KB

Download
memory/1244-2232-0x00000000052F0000-0x0000000005340000-memory.dmp

Filesize
320KB

Download
memory/1244-612-0x0000000000150000-0x0000000000B58000-memory.dmp

Filesize
10.0MB

Download
memory/1244-668-0x0000000000F10000-0x0000000000F11000-memory.dmp

Filesize
4KB

Download
memory/1244-1151-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/1244-1152-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/1244-692-0x0000000005EE0000-0x0000000005F3E000-memory.dmp

Filesize
376KB

Download
memory/1244-688-0x0000000005470000-0x000000000547C000-memory.dmp

Filesize
48KB

Download
memory/1244-671-0x000000006D050000-0x000000006D968000-memory.dmp

Filesize
9.1MB

Download
memory/1244-674-0x000000000B510000-0x000000000B59C000-memory.dmp

Filesize
560KB

Download
memory/1244-675-0x0000000002960000-0x0000000002970000-memory.dmp

Filesize
64KB

Download
memory/1244-687-0x0000000005690000-0x0000000005740000-memory.dmp

Filesize
704KB

Download
memory/1244-686-0x0000000005450000-0x000000000545A000-memory.dmp

Filesize
40KB

Download
memory/1244-681-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/1244-680-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/1244-676-0x0000000002980000-0x0000000002986000-memory.dmp

Filesize
24KB

Download
memory/1244-1830-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/1244-1658-0x0000000005970000-0x000000000597A000-memory.dmp

Filesize
40KB

Download
memory/1244-679-0x00000000052C0000-0x00000000052EB000-memory.dmp

Filesize
172KB

Download
memory/1244-712-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/1244-677-0x0000000004E90000-0x0000000004EDA000-memory.dmp

Filesize
296KB

Download
memory/1352-241-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1352-601-0x0000000000400000-0x00000000005A9000-memory.dmp

Filesize
1.7MB

Download
memory/1776-195-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1776-602-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2032-240-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/2032-106-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/2032-603-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/2032-613-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/2032-54-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download
memory/2032-55-0x0000000000400000-0x0000000000880000-memory.dmp

Filesize
4.5MB

Download