c422d293ace4bd859762dc331ffed1d961d051bb4cfdfdc235cc665d749236d6

Analysis

max time kernel
493s
max time network
580s
platform
windows10-2004_x64
resource
win10v2004-20230915-es
resource tags

arch:x64arch:x86image:win10v2004-20230915-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22-09-2023 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CoverAOSetup.exe
Size

984.0MB
MD5

de3fe91e5a0adacbe66103aad2b4c1a7
SHA1

76ad7c8af8cc9485347c32e99ee6f6528bcba7c7
SHA256

c422d293ace4bd859762dc331ffed1d961d051bb4cfdfdc235cc665d749236d6
SHA512

e6ce6dbfdd04a3b2663b790737421783227560227f8571a4cf09945d7293a0933c0d7f683857ddf4be07718c8bee33e005ce1d4427129d72b29ea9272381c63b
SSDEEP

25165824:SSFEC8pmwYpUr/21p8z0JjcosD3qUtUsJBp5dDOGB3wt7V:SSFMmBUe+OjdsmuHbdDOGBgtZ

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	CoverAOLauncher.exe

Executes dropped EXE 3 IoCs

pid	Process
1212	CoverAOSetup.tmp
2832	CoverAOLauncher.exe
3488	CoverAO.exe

Loads dropped DLL 64 IoCs

pid	Process
5112	regsvr32.exe
4300	regsvr32.exe
4984	regsvr32.exe
2704	regsvr32.exe
3804	regsvr32.exe
2740	regsvr32.exe
2308	regsvr32.exe
3236	regsvr32.exe
2908	regsvr32.exe
3524	regsvr32.exe
788	regsvr32.exe
508	regsvr32.exe
1384	regsvr32.exe
2032	regsvr32.exe
3940	regsvr32.exe
472	regsvr32.exe
4468	regsvr32.exe
1304	regsvr32.exe
3652	regsvr32.exe
3032	regsvr32.exe
2116	regsvr32.exe
4612	regsvr32.exe
1576	regsvr32.exe
2720	regsvr32.exe
4856	regsvr32.exe
4920	regsvr32.exe
3356	regsvr32.exe
1780	regsvr32.exe
3848	regsvr32.exe
3600	regsvr32.exe
1852	regsvr32.exe
2900	regsvr32.exe
3488	regsvr32.exe
2592	regsvr32.exe
3292	regsvr32.exe
3292	regsvr32.exe
4280	regsvr32.exe
3804	regsvr32.exe
336	regsvr32.exe
4892	regsvr32.exe
1152	regsvr32.exe
2496	regsvr32.exe
1696	regsvr32.exe
2172	regsvr32.exe
2096	regsvr32.exe
2516	regsvr32.exe
4872	regsvr32.exe
4872	regsvr32.exe
3748	regsvr32.exe
500	regsvr32.exe
3424	regsvr32.exe
932	regsvr32.exe
3496	regsvr32.exe
3260	regsvr32.exe
2648	regsvr32.exe
480	regsvr32.exe
3564	regsvr32.exe
2672	regsvr32.exe
2832	CoverAOLauncher.exe
2832	CoverAOLauncher.exe
2832	CoverAOLauncher.exe
2832	CoverAOLauncher.exe
2832	CoverAOLauncher.exe
2832	CoverAOLauncher.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CF49D4E0-1115-11CE-B03A-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CC785860-B2CA-11CE-8D2B-0000E202599C}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDBD8D00-C193-11D0-BD4E-00A0C911CE86}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6F26A6CD-967B-47FD-874A-7AED2C9D25A2}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{51B4ABF3-748F-4E3B-A276-C828330E926A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{060AF76C-68DD-11D0-8FC1-00C04FD9189D}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1643E180-90F5-11CE-97D5-00AA0055595A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D51BD5A1-7548-11CF-A520-0080C77EF58A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8670C736-F614-427b-8ADA-BBADC587194B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDA42200-BD88-11D0-BD4E-00A0C911CE86}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FEB50740-7BEF-11CE-9BD9-0000E202599C}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{48025243-2D39-11CE-875D-00608CB78066}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E436EBB6-524F-11CE-9F53-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B87BEB7B-8D29-423F-AE4D-6582C10175AC}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{418AFB70-F8B8-11CE-AAC6-0020AF0B99A3}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2D2E24CB-0CD5-458F-86EA-3E6FA22C8E64}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1E651CC0-B199-11D0-8212-00C04FC32C45}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E436EBB7-524F-11CE-9F53-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B80AB0A0-7416-11D2-9EEB-006008039E37}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E4206432-01A1-4BEE-B3E1-3702C8EDC574}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D8AA343-6E63-4663-BE90-6B80F66540A3}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{944D4C00-DD52-11CE-BF0E-00AA0055595A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E5B4EAA0-B2CA-11CE-8D2B-0000E202599C}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E436EBB1-524F-11CE-9F53-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E30629D1-27E5-11CE-875D-00608CB78066}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1B544C20-FD0B-11CE-8C63-00AA0044B51E}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70E102B0-5556-11CE-97C0-00AA0055595A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07B65360-C445-11CE-AFDE-00AA006C14F4}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E4979309-7A32-495E-8A92-7B014AAD4961}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{59CE6880-ACF8-11CF-B56E-0080C7C4B68A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6A08CF80-0E18-11CF-A24D-0020AFD79767}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D51BD5A3-7548-11CF-A520-0080C77EF58A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{37E92A92-D9AA-11D2-BF84-8EF2B1555AED}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E436EBB2-524F-11CE-9F53-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{79376820-07D0-11CF-A24D-0020AFD79767}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A2286E0-7BEF-11CE-9BD9-0000E202599C}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D51BD5A2-7548-11CF-A520-0080C77EF58A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D3588AB0-0781-11CE-B03A-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4444AC9E-242E-471B-A3C7-45DCD46352BC}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8DFB9A0-8A20-479F-B538-9387C5EEBA2B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{33FACFE0-A9BE-11D0-A520-00A0D10129C0}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{301056D0-6DFF-11D2-9EEB-006008039E37}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D51BD5A5-7548-11CF-A520-0080C77EF58A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A3ECBC41-581A-4476-B693-A63340462D8B}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1DA08500-9EDC-11CF-BC10-00AA00AC74F6}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05589FAF-C356-11CE-BF01-00AA0055595A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{336475D0-942A-11CE-A870-00AA002FEAB5}\InprocServer32	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\DDEXv3.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\vbabdx.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-PMNTM.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-F83NL.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-MBLFQ.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\vbabdx.dll	CoverAOSetup.tmp
File created	C:\Windows\system32\is-U1HID.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-CSKED.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-CBOC6.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-6R7FG.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\msstdfmt.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\AOLIB.DLL	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\ws2_32.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\TstDll.dll	CoverAOSetup.tmp
File created	C:\Windows\system32\is-B0O57.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-1MLOH.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\oleaut32.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\vbDABL.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-AJJGQ.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-R3JN7.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-3970N.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-99C6K.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-DUA97.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-LHG91.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\Unzip32.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\DDEx.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\ijl11.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-GJ2HF.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-0N3QP.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\TstDll.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-LT2UL.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-PTCQ4.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\ieframe.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-45HJT.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-G4Q21.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-91O7D.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-Q7ND3.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-0VRAL.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\dx7vb.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\Msvbvm50.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\LEEMAPAS.DLL	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\LEEINIS.DLL	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\quartz.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\dx7vb.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\mfc42.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-IGVPS.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-53M19.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\msvbvm60.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\msstdfmt.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-3VI6I.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-SLNA7.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\AOFX.DLL	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\zlib.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-L2B3I.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-5IOAJ.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-1UTSV.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\ws2_32.dll	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-55QBU.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-RJEKF.tmp	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-O3JR1.tmp	CoverAOSetup.tmp
File created	C:\Windows\system32\is-8LCNH.tmp	CoverAOSetup.tmp
File opened for modification	C:\Windows\SysWOW64\PSAPI.dll	CoverAOSetup.tmp
File opened for modification	C:\Windows\system32\LEEINIS.DLL	CoverAOSetup.tmp
File created	C:\Windows\SysWOW64\is-JF0AR.tmp	CoverAOSetup.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\7384.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\864.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\507.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10370.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1351.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\2509.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1015.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1166.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\4610.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\576.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\8227.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10132.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\3420.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\259.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19982.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\3425.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\7216.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\7510.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19201.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10366.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10732.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19733.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\2510.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\501.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\5522.png	CoverAO.exe
File created	C:\Program Files (x86)\CoverAO\Documentos\Graficos_Nuevos\20010.png	CoverAOLauncher.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\15503.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19052.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19882.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\257.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10372.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1501.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1942.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19934.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\2647.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\3345.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\8100.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10053.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1090.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1207.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\939.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10135.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\9549.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10119.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19865.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\382.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\9834.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1287.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\15289.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\15556.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1921.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\7387.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\8237.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\8284.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1078.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\2572.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\5136.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\15197.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\15195.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\19180.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\5152.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\998.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\10101.png	CoverAO.exe
File opened for modification	C:\Program Files (x86)\CoverAO\Documentos\Graficos\1707.png	CoverAO.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\msmouse.PNF	CoverAO.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{53749718-F78D-4A67-8703-8AE050075170}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}\AlternateCLSID = "{E2D211D5-11E4-4D9E-B6DB-1E902C851A49}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\AlternateCLSID = "{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6D835690-900B-11D0-9484-00A0C91110ED}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000}\AlternateCLSID = "{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{35053A22-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\AlternateCLSID = "{6E5311A1-325D-4FFD-9AF4-B373F02AE458}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8E3867A3-8586-11D1-B16A-00C0F0283628}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}\Compatibility Flags = "1024"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{67397AA3-7FB1-11D0-B148-00A0C922E820}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{67397AA3-7FB1-11D0-B148-00A0C922E820}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\AlternateCLSID = "{6E5311A1-325D-4FFD-9AF4-B373F02AE458}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{67397AA3-7FB1-11D0-B148-00A0C922E820}\AlternateCLSID = "{234086BB-0242-46C5-B71F-5A9B961DB911}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\AlternateCLSID = "{87DACC48-F1C5-4AF3-84BA-A2A72C2AB959}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656}\AlternateCLSID = "{6E5311A1-325D-4FFD-9AF4-B373F02AE458}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\AlternateCLSID = "{8F0F480A-4366-4737-8265-2AD6FDAC8C31}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\AlternateCLSID = "{0B314611-2C19-4AB4-8513-A6EEA569D3C4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}\AlternateCLSID = "{894BA3A3-3CA3-402F-B4FE-CD08337E9535}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\AlternateCLSID = "{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\AlternateCLSID = "{556C2772-F1AD-4DE1-8456-BD6E8F66113B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}\AlternateCLSID = "{894BA3A3-3CA3-402F-B4FE-CD08337E9535}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Compatibility Flags = "1024"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6D835690-900B-11D0-9484-00A0C91110ED}\AlternateCLSID = "{7E96FC67-468E-4E70-B246-D42078DD2361}"	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{14E469E0-BF61-11CF-8385-8F69D8F1350B}\TypeLib\Version = "5.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{33101C01-75C3-11CF-A8A0-444553540000}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{585AA280-ED8B-46B2-93AE-132ECFA1DAFC}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0324960-2AAA-11CF-AD67-00AA00614F3E}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3127CA40-446E-11CE-8135-00AA004BB851}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ProgCtrl	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95F0B3BE-E8AC-4995-9DCA-419849E06410}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\ = "Toolbar General Property Page Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\MJPEG Compressor\FriendlyName = "MJPEG Compressor"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E96FC67-468E-4E70-B246-D42078DD2361}\VersionIndependentProgID\ = "MSSTDFMT.StdDataFormat"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2B577565-36F7-4351-B2E7-DAFC75E9D72A}\Version\ = "1.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39977C62-C383-463D-AF61-C71220634656}\VersionIndependentProgID\ = "MSWinsock.Winsock"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\HELPDIR\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E96FC67-468E-4E70-B246-D42078DD2361}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ImageListCtrl.1\CLSID\ = "{53749718-F78D-4A67-8703-8AE050075170}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\ToolboxBitmap32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{87DACC48-F1C5-4AF3-84BA-A2A72C2AB959}\ProgID\ = "MSComctlLib.ImageComboCtl.2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1042DEDA-3CA2-4448-9B80-24C2EAA31535}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Catalyst.SocketCtrl.1\CLSID\ = "{33101C03-75C3-11CF-A8A0-444553540000}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\ = "Microsoft ImageComboBox Control 6.0 (SP6)"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\MiscStatus\1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StdPicture\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{99D54F63-1A69-41AE-AA4D-C976EB3F0713}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AA2073E6-7B9C-11D0-B143-00A0C922E820}\InprocServer32\ = "C:\\Windows\\SysWow64\\MSADODC.ocx"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B7E6390-850A-101B-AFC0-4210102A8DA7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5311E70-C9FD-11D1-A8BC-004033CA9316}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\captura.ocx, 30000"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0B314611-2C19-4AB4-8513-A6EEA569D3C4}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EAC2F2A-251F-4BA8-8617-99A8DD715453}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7E96FC67-468E-4E70-B246-D42078DD2361}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{585AA280-ED8B-46B2-93AE-132ECFA1DAFC}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E436EBB5-524F-11CE-9F53-0020AF0BA770}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.ListViewCtrl\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7}\ = "IButton10"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{979127D3-7D01-4FDE-AF65-A698091468AF}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.TreeCtrl\ = "Microsoft TreeView Control 6.0 (SP6)"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7ABA9C1-8983-11CF-8F20-00805F2CD064}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{06B32AEE-77DA-484B-973B-5D64F47201B0}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A3-850A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{E436EBB6-524F-11CE-9F53-0020AF0BA770}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}\ProgID\ = "MSComctlLib.ListViewCtrl.2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020412-0000-0000-C000-000000000046}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9A948063-66C3-4F63-AB46-582EDAA35047}\Version\ = "2.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{87DACC48-F1C5-4AF3-84BA-A2A72C2AB959}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A0E7BF67-8D30-4620-8825-7111714C7CAB}	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp
1212	CoverAOSetup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1212	CoverAOSetup.tmp

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2832	CoverAOLauncher.exe
2832	CoverAOLauncher.exe
2832	CoverAOLauncher.exe
3488	CoverAO.exe
3488	CoverAO.exe
3488	CoverAO.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 1212	2952	CoverAOSetup.exe	94
PID 2952 wrote to memory of 1212	2952	CoverAOSetup.exe	94
PID 2952 wrote to memory of 1212	2952	CoverAOSetup.exe	94
PID 1212 wrote to memory of 5112	1212	CoverAOSetup.tmp	110
PID 1212 wrote to memory of 5112	1212	CoverAOSetup.tmp	110
PID 1212 wrote to memory of 5112	1212	CoverAOSetup.tmp	110
PID 1212 wrote to memory of 4300	1212	CoverAOSetup.tmp	111
PID 1212 wrote to memory of 4300	1212	CoverAOSetup.tmp	111
PID 1212 wrote to memory of 4300	1212	CoverAOSetup.tmp	111
PID 1212 wrote to memory of 4984	1212	CoverAOSetup.tmp	112
PID 1212 wrote to memory of 4984	1212	CoverAOSetup.tmp	112
PID 1212 wrote to memory of 4984	1212	CoverAOSetup.tmp	112
PID 1212 wrote to memory of 2704	1212	CoverAOSetup.tmp	113
PID 1212 wrote to memory of 2704	1212	CoverAOSetup.tmp	113
PID 1212 wrote to memory of 2704	1212	CoverAOSetup.tmp	113
PID 1212 wrote to memory of 3804	1212	CoverAOSetup.tmp	114
PID 1212 wrote to memory of 3804	1212	CoverAOSetup.tmp	114
PID 1212 wrote to memory of 3804	1212	CoverAOSetup.tmp	114
PID 1212 wrote to memory of 2740	1212	CoverAOSetup.tmp	115
PID 1212 wrote to memory of 2740	1212	CoverAOSetup.tmp	115
PID 1212 wrote to memory of 2740	1212	CoverAOSetup.tmp	115
PID 1212 wrote to memory of 2308	1212	CoverAOSetup.tmp	116
PID 1212 wrote to memory of 2308	1212	CoverAOSetup.tmp	116
PID 1212 wrote to memory of 2308	1212	CoverAOSetup.tmp	116
PID 1212 wrote to memory of 1844	1212	CoverAOSetup.tmp	117
PID 1212 wrote to memory of 1844	1212	CoverAOSetup.tmp	117
PID 1212 wrote to memory of 1844	1212	CoverAOSetup.tmp	117
PID 1212 wrote to memory of 3236	1212	CoverAOSetup.tmp	118
PID 1212 wrote to memory of 3236	1212	CoverAOSetup.tmp	118
PID 1212 wrote to memory of 3236	1212	CoverAOSetup.tmp	118
PID 1212 wrote to memory of 2908	1212	CoverAOSetup.tmp	119
PID 1212 wrote to memory of 2908	1212	CoverAOSetup.tmp	119
PID 1212 wrote to memory of 2908	1212	CoverAOSetup.tmp	119
PID 1212 wrote to memory of 3524	1212	CoverAOSetup.tmp	120
PID 1212 wrote to memory of 3524	1212	CoverAOSetup.tmp	120
PID 1212 wrote to memory of 3524	1212	CoverAOSetup.tmp	120
PID 1212 wrote to memory of 3808	1212	CoverAOSetup.tmp	121
PID 1212 wrote to memory of 3808	1212	CoverAOSetup.tmp	121
PID 1212 wrote to memory of 3808	1212	CoverAOSetup.tmp	121
PID 1212 wrote to memory of 788	1212	CoverAOSetup.tmp	122
PID 1212 wrote to memory of 788	1212	CoverAOSetup.tmp	122
PID 1212 wrote to memory of 788	1212	CoverAOSetup.tmp	122
PID 1212 wrote to memory of 508	1212	CoverAOSetup.tmp	123
PID 1212 wrote to memory of 508	1212	CoverAOSetup.tmp	123
PID 1212 wrote to memory of 508	1212	CoverAOSetup.tmp	123
PID 1212 wrote to memory of 1160	1212	CoverAOSetup.tmp	124
PID 1212 wrote to memory of 1160	1212	CoverAOSetup.tmp	124
PID 1212 wrote to memory of 1160	1212	CoverAOSetup.tmp	124
PID 1212 wrote to memory of 2980	1212	CoverAOSetup.tmp	125
PID 1212 wrote to memory of 2980	1212	CoverAOSetup.tmp	125
PID 1212 wrote to memory of 2980	1212	CoverAOSetup.tmp	125
PID 1212 wrote to memory of 208	1212	CoverAOSetup.tmp	126
PID 1212 wrote to memory of 208	1212	CoverAOSetup.tmp	126
PID 1212 wrote to memory of 208	1212	CoverAOSetup.tmp	126
PID 1212 wrote to memory of 3896	1212	CoverAOSetup.tmp	127
PID 1212 wrote to memory of 3896	1212	CoverAOSetup.tmp	127
PID 1212 wrote to memory of 3896	1212	CoverAOSetup.tmp	127
PID 1212 wrote to memory of 3496	1212	CoverAOSetup.tmp	128
PID 1212 wrote to memory of 3496	1212	CoverAOSetup.tmp	128
PID 1212 wrote to memory of 3496	1212	CoverAOSetup.tmp	128
PID 1212 wrote to memory of 1384	1212	CoverAOSetup.tmp	129
PID 1212 wrote to memory of 1384	1212	CoverAOSetup.tmp	129
PID 1212 wrote to memory of 1384	1212	CoverAOSetup.tmp	129
PID 1212 wrote to memory of 2032	1212	CoverAOSetup.tmp	131

C:\Users\Admin\AppData\Local\Temp\CoverAOSetup.exe
"C:\Users\Admin\AppData\Local\Temp\CoverAOSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\is-SMOQD.tmp\CoverAOSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SMOQD.tmp\CoverAOSetup.tmp" /SL5="$7021E,1031432349,386048,C:\Users\Admin\AppData\Local\Temp\CoverAOSetup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1212
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\aamd532.dll"
    3⤵
    - Loads dropped DLL
    PID:5112
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\AOFX.DLL"
    3⤵
    - Loads dropped DLL
    PID:4300
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\AOLIB.DLL"
    3⤵
    - Loads dropped DLL
    PID:4984
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DDEx.dll"
    3⤵
    - Loads dropped DLL
    PID:2704
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DDEXv3.dll"
    3⤵
    - Loads dropped DLL
    PID:3804
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\dx7vb.dll"
    3⤵
    - Loads dropped DLL
    PID:2740
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\dx8vb.dll"
    3⤵
    - Loads dropped DLL
    PID:2308
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ieframe.dll"
    3⤵
    PID:1844
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ijl11.dll"
    3⤵
    - Loads dropped DLL
    PID:3236
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\LEEINIS.DLL"
    3⤵
    - Loads dropped DLL
    PID:2908
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\LEEMAPAS.DLL"
    3⤵
    - Loads dropped DLL
    PID:3524
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\mfc42.dll"
    3⤵
    PID:3808
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msstdfmt.dll"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:788
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Msvbvm50.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:508
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msvbvm60.dll"
    3⤵
    - Modifies registry class
    PID:1160
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\oleaut32.dll"
    3⤵
    - Modifies registry class
    PID:2980
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\olepro32.dll"
    3⤵
    PID:208
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\PSAPI.dll"
    3⤵
    PID:3896
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\quartz.dll"
    3⤵
    - Modifies registry class
    PID:3496
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\TstDll.dll"
    3⤵
    - Loads dropped DLL
    PID:1384
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Unzip32.dll"
    3⤵
    - Loads dropped DLL
    PID:2032
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\vbabdx.dll"
    3⤵
    - Loads dropped DLL
    PID:3940
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\vbDABL.dll"
    3⤵
    - Loads dropped DLL
    PID:472
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\winmm.dll"
    3⤵
    PID:3480
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ws2_32.dll"
    3⤵
    PID:1068
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\zlib.dll"
    3⤵
    - Loads dropped DLL
    PID:4468
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\aamd532.dll"
    3⤵
    PID:2572
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\aamd532.dll"
      4⤵
      Loads dropped DLL
      PID:1304
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\AOFX.DLL"
    3⤵
    PID:4876
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\AOFX.DLL"
      4⤵
      Loads dropped DLL
      PID:3652
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\AOLIB.DLL"
    3⤵
    PID:4848
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\AOLIB.DLL"
      4⤵
      Loads dropped DLL
      PID:3032
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DDEx.dll"
    3⤵
    PID:1660
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\DDEx.dll"
      4⤵
      Loads dropped DLL
      PID:2116
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\DDEXv3.dll"
    3⤵
    PID:4476
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\DDEXv3.dll"
      4⤵
      Loads dropped DLL
      PID:4612
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\dx7vb.dll"
    3⤵
    PID:3216
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\dx7vb.dll"
      4⤵
      Loads dropped DLL
      PID:1576
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\dx8vb.dll"
    3⤵
    PID:2764
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\dx8vb.dll"
      4⤵
      Loads dropped DLL
      PID:2720
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ieframe.dll"
    3⤵
    PID:1492
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ijl11.dll"
    3⤵
    PID:564
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\ijl11.dll"
      4⤵
      Loads dropped DLL
      PID:4856
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\LEEINIS.DLL"
    3⤵
    PID:1244
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\LEEINIS.DLL"
      4⤵
      Loads dropped DLL
      PID:4920
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\LEEMAPAS.DLL"
    3⤵
    PID:1216
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\LEEMAPAS.DLL"
      4⤵
      Loads dropped DLL
      PID:3356
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\mfc42.dll"
    3⤵
    PID:2636
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msstdfmt.dll"
    3⤵
    PID:4104
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\msstdfmt.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:1780
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Msvbvm50.dll"
    3⤵
    PID:1740
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\Msvbvm50.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3848
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msvbvm60.dll"
    3⤵
    PID:416
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\msvbvm60.dll"
      4⤵
      PID:1228
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\oleaut32.dll"
    3⤵
    - Registers COM server for autorun
    - Modifies registry class
    PID:2732
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\olepro32.dll"
    3⤵
    PID:4568
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\olepro32.dll"
      4⤵
      PID:4904
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\PSAPI.dll"
    3⤵
    PID:4916
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\quartz.dll"
    3⤵
    - Registers COM server for autorun
    - Modifies registry class
    PID:3908
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\TstDll.dll"
    3⤵
    PID:1488
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\TstDll.dll"
      4⤵
      Loads dropped DLL
      PID:3600
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Unzip32.dll"
    3⤵
    PID:3900
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\Unzip32.dll"
      4⤵
      Loads dropped DLL
      PID:1852
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\vbabdx.dll"
    3⤵
    PID:2080
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\vbabdx.dll"
      4⤵
      Loads dropped DLL
      PID:2900
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\vbDABL.dll"
    3⤵
    PID:456
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\vbDABL.dll"
      4⤵
      Loads dropped DLL
      PID:3488
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\winmm.dll"
    3⤵
    PID:1268
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\ws2_32.dll"
    3⤵
    PID:2348
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\zlib.dll"
    3⤵
    PID:3288
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\zlib.dll"
      4⤵
      Loads dropped DLL
      PID:2592
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\captura.ocx"
    3⤵
    - Loads dropped DLL
    PID:3292
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\COMCTL32.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:4280
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\COMDLG32.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    PID:3804
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\CSWSK32.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:336
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\listadoservers.ocx"
    3⤵
    - Loads dropped DLL
    PID:4892
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSADODC.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:1152
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Mscomctl.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:2496
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSINET.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:1696
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSWINSCK.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:2172
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.ocx"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:2096
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\vbalProgBar6.ocx"
    3⤵
    - Loads dropped DLL
    PID:2516
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\captura.ocx"
    3⤵
    PID:3524
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\captura.ocx"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:4872
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\COMCTL32.ocx"
    3⤵
    PID:2964
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\COMCTL32.ocx"
      4⤵
      Loads dropped DLL
      Modifies Internet Explorer settings
      Modifies registry class
      PID:3748
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\COMDLG32.ocx"
    3⤵
    PID:1160
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\COMDLG32.ocx"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:500
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\CSWSK32.ocx"
    3⤵
    PID:3720
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\CSWSK32.ocx"
      4⤵
      Loads dropped DLL
      PID:3424
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\listadoservers.ocx"
    3⤵
    PID:3884
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\listadoservers.ocx"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:932
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSADODC.ocx"
    3⤵
    PID:4152
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\MSADODC.ocx"
      4⤵
      Loads dropped DLL
      Modifies Internet Explorer settings
      PID:3496
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Mscomctl.ocx"
    3⤵
    PID:3388
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\Mscomctl.ocx"
      4⤵
      Loads dropped DLL
      Modifies Internet Explorer settings
      Modifies registry class
      PID:3260
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSINET.ocx"
    3⤵
    PID:2032
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\MSINET.ocx"
      4⤵
      Loads dropped DLL
      Modifies Internet Explorer settings
      PID:2648
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\MSWINSCK.ocx"
    3⤵
    PID:832
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\MSWINSCK.ocx"
      4⤵
      Loads dropped DLL
      Modifies Internet Explorer settings
      PID:480
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\RICHTX32.ocx"
    3⤵
    PID:4404
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\RICHTX32.ocx"
      4⤵
      Loads dropped DLL
      Modifies Internet Explorer settings
      Modifies registry class
      PID:3564
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\vbalProgBar6.ocx"
    3⤵
    PID:2124
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\vbalProgBar6.ocx"
      4⤵
      Loads dropped DLL
      PID:2672
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Captura.oca"
    3⤵
    PID:4468
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\CSWSK32.oca"
    3⤵
    PID:4496
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\Captura.oca"
    3⤵
    PID:2280
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\Captura.oca"
      4⤵
      PID:1684
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\CSWSK32.oca"
    3⤵
    PID:2456
  - - C:\Windows\SysWOW64\regsvr32.exe
      /s "C:\Windows\system32\CSWSK32.oca"
      4⤵
      PID:4348
- - C:\Program Files (x86)\CoverAO\CoverAOLauncher.exe
    "C:\Program Files (x86)\CoverAO\CoverAOLauncher.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Program Files (x86)\CoverAO\CoverAO.exe
      "C:\Program Files (x86)\CoverAO\CoverAO.exe"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:3488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\CoverAO\CoverAO.exe

Filesize
3.8MB

MD5
1ffc16246c3bae5858d3ec7006658789

SHA1
5082cf240713541738738f347664796569b91ca2

SHA256
b927944cf8cd3c63fb181d1f5098d50bd63c13dc9238f823de2b6bc1fd1eb078

SHA512
2d1882f0ccd759f9522866e1ef1c9c870d2bf36b11445c21eec8f839fb6e605e5de6220723f1d25bcd1d1023ad3536abba8893d7c9bc8cbcb517f8bf78569c3f

Download Submit
C:\Program Files (x86)\CoverAO\CoverAOLauncher.exe

Filesize
1.4MB

MD5
84d2d90cdf41123163f36ee8c39bdbae

SHA1
429cf3581a829813fabf92831442fc9223c38782

SHA256
af52e6b19c8f0fe8d5d849da0e6963a73d28700031e79f1a125abcb900d10663

SHA512
898403c67896741e6a805d79ba6aa081446037ab0d7e8713ad285b597111679bc74eea8fc730e9d1a3717e9ce79c5b2509d0beb742034ee3748c565681e3a229

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\DESCARGAS.txt

Filesize
760B

MD5
250c14e0cda8b1238d65606ced5b1859

SHA1
6c50644c03d717ac3fb72dea61f6d748b0a5e320

SHA256
550873252d950654e902df35dbfad07f70d28f0a943fc9952e219221587e723d

SHA512
04af6b0abfd453f6f1e8893e57203d46427c432d21947ecaae1067140ac9a7bc193d6a8f911a8b712c9328aaa42476b5bbc37cead6f82447f55f4a8f3555664f

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\15057.png

Filesize
177B

MD5
b49ecb45ed046dbcad8043eda671ee15

SHA1
fc08d29a510ddd0df88f349f937001924244472f

SHA256
1ca491c656d3442e559716173822e35896602cac9aab303ebf310c43a2d483f0

SHA512
4baf542a7ff81b21dcc9387516cf938bd07ce713ad07d2ba70f350d478ef3ef65721a93bed73cc3214927e7a9b4b6984c8e4ea939c3e5121e0453bf323619ded

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\15314.png

Filesize
957B

MD5
ebe97e78f856e2527343dca3f15253f2

SHA1
140fe1bb23083bc33de6d70433644bc99dbf80db

SHA256
ee9a28e86218710a0e10e1a4a412d9fde5b598322405e4a2c22935cda68ba500

SHA512
be01d8c7c0331ffa96ad4ff9485b20ab8546d712dfb9008bdf9a605a5abfee24f7e75cc02e0d383d75ebc3fb4e8e3fc1ed50ebaaf9649ffd1194277976ad3d95

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\15492.png

Filesize
8KB

MD5
fdc4b0e36901cef41df9a34fa49a2605

SHA1
0560b7deefbdb391e2242b5c23d0fe85864a520a

SHA256
9479b2b9a15b195c4e544c8194723bd4f835f6c8fcf08f2e06418f608b745442

SHA512
0dc0bf1f67425d00cb026f3cefb5eb9979570f899e8f94a0c5fa0098f03c540103eeedbbe4f3c58669d7004d8220c288fba7b151e42d8d98e79a218d2bdc0926

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\15526.png

Filesize
3KB

MD5
d13d8c945fa194b20b226ca119db2a70

SHA1
af6634cf7b0782f1f393b6cb631f4f6673b4567d

SHA256
e1437045f6d972bc7a9b5793df946aadbb1bd5a94d5d9c7467865818b33b063d

SHA512
12fbe2f90f251dbc326bf7a45521226842b126ac34ae4715bcd028fc7017afdeca9f5af4eb9250c00fb0a60ff0353ea73ba8b31c0a0596b9c4fa904a9e2b79d8

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\19075.png

Filesize
7KB

MD5
dbf010fd60194296124a33c3865a975c

SHA1
dc979b481b11ef7d173bac204bb072d5f12c689c

SHA256
6e79d4ff2fa5483f88dd8752d157a8a497f8b713782a008a7bcd38eb436ca391

SHA512
86dbe97587b0ad161316681251dce406a16b21b40c5a4663e658ac7bfdb8fda868491da97249956e1c0f2fd60601aeec3c8884b13934c4a3e27396477b2526b5

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20005.png

Filesize
1KB

MD5
4f3a5c32fac087db9ff41b2e4931e48c

SHA1
4a9e83d30e7967c624f512b9d474e2912544edfd

SHA256
6fc88b6536757eeda4d36837367d486217cd07dd9de8ad06c00ae45a4cdcac57

SHA512
cfb3f08d2019880fa885ad1c53dbe97bb8edf490ada666b3951df60d324f1441c48b6649b8ca7dd8b2c47c6b70dbc2b3a788b063793400891a30d9443d8e0ade

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20006.png

Filesize
1KB

MD5
48102ecfbd9d941013dac6b241ef2e99

SHA1
cf8a331e46dd534460fbafcbda4b8f8b063c1662

SHA256
8a26c1444bcb484b9426d09a21fb0ea43ef20486f0a384dd43bdc42f870b98b6

SHA512
b39711b8edb552007eac25c6966544d80eae0cb36b07a297172adcfde6341765f36b4a7bb5cb4e2f28a2db470515bafa83d544c788b30ac7cd479eded4b37f7d

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20007.png

Filesize
1KB

MD5
58f6383dadeb445e9781f36e92aedce4

SHA1
4ce849f6900515f457158c2c7576d9611f8bd730

SHA256
41f18f3c978479c7c5e3906969617fd25e069ce7030066fcc19ff198cad21fc7

SHA512
4037f63a7e751abf61b7946ad373bc6621685b6fa3b19fc378625199f344b3006d22c0ba431df59b0f242bb21076e1f41ef2fbf0be582b6424a0b3fd68eb84fd

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20008.png

Filesize
2KB

MD5
a6f81667210a70a1809d20ab2cfde477

SHA1
d7e17a83272f42b859be8bdad7b69a3ca50285eb

SHA256
dca55dbdb528d021a1e2150887f5a8b5a3a36db63e219083f6f4354163203879

SHA512
922d6906fddcefe89c607d4257f4c227e559d9d68d352b2c61bdf32a9c5e1f5d4131de8e88296d694d79f863928a546cd202027d92484b1c82d1dc13d36b2d56

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20009.png

Filesize
2KB

MD5
e9d37b3e99583885130db171518dc31e

SHA1
c346cea650e83b9804e59006ec5eb1c7e072507c

SHA256
041329a5b833f5bf8b131ab2fdca1a089c84452141b422d297a132c8ff4699e7

SHA512
60dd5e79825c22f321b1a9e6e7fb6d8587a909ebecc1998bbdf549671aeb47882abd2113632b0ef84da59f55429dfdcf62de6cdc875f5bba405622d3a213a654

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20010.png

Filesize
3KB

MD5
c6c9e0cfa0f95f678391e59fcce25d28

SHA1
d433d5bfe48f7a6508cc773136c66404f6ae48cc

SHA256
c5fd3c719af5746a47d82911e5e486241802132c0d0edef6bd72d8658dfda7cd

SHA512
2424a5423a2831eb1bf0b9af63a23ee1676cbafa0191db39b93d4e830d5b73ce582ded45baa4c0695a479e4e453401825c8a56f5e9efec483aa7c3fe2aba0a74

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20011.png

Filesize
33KB

MD5
d2949ef66c82865b4ae7b1fea00c1c1d

SHA1
426a150171e399872d1f2508772040df47d741b3

SHA256
09d7188dde4657998d19ca011b45d149b8ea4a6d2b6af0de2e99591cfb6a014e

SHA512
14f97a6df512c28c2469871695333a40733e0d9fd612f28a00046cc5487601fd4e2f3410f946635972d1889b767353b3e9211b738f6106aed942f2b1dcceede4

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20012.png

Filesize
33KB

MD5
77b309301429238b502bb64c10426459

SHA1
2015842298a8821a8a5c61bf640ed92ac957bf9e

SHA256
aa74788259c022acaf64ca3558c5f7d0aaf669bae55364a1e3493a4bf1b91827

SHA512
67b87701dbbfd89b14a3a34903b6eb6453a77ccb42e9818b3245e9b135d89b86d1f108e17a3d7123f2e33ccb101a68d28ba6c5bfbb0fc6ccba83752bd6c7b311

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\20013.png

Filesize
3KB

MD5
37adbb1c0a97ad07f3e67ad9ff55e7e1

SHA1
17ccbc3b6d0ccba5ae2b230bf7e3e337fcf52a52

SHA256
4360b07d241171c40cb39317daa8654a18da7f92ff213c44071db07faed53957

SHA512
124219f019d51ff00e0a772f1d787f10eabb58d0e5875d9358d2069708dcdc31471dc0d05eb021a8e4f08d06597f9b6c9647ee393061e250539bb0792782ff6b

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\3411.png

Filesize
182B

MD5
7180d97a8557b564f6d8db0de44afba5

SHA1
97f4da702c6cb8b23d4c686dfdcec19b78cf121b

SHA256
776bf0b6b56aae5d86036716c0b07d39663ab422a5cd9ff829c256ed24fb5400

SHA512
a34c3be6bead88f5620c8e44b49310e47fff69a91b3c00555623c834bae4c200cf827cddc71540a07510f23db865879315ae2e8ee9e6570056335e108b161305

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\5182.png

Filesize
481B

MD5
f7c7c724e298a087ae37dcabcbeb241a

SHA1
5443cae376b4d96a7ae3e81f5e27248dc8af7921

SHA256
c22244bfcb399588e053b71151f00bfeed37eec3eda90e3924aa1aa07dd82d2b

SHA512
3d9ceb35d0bb90bec0c987f79538a2809e3f740f23cb0b5dd53b58a6e404b574bab6e484f9e6bf7527f1e6abccc5a06fffb981c43c0c0e07fca7160a36add205

Download Submit
C:\Program Files (x86)\CoverAO\Documentos\Graficos\6539.png

Filesize
924B

MD5
4d528223d1daa11f054a5c1458391cc7

SHA1
8487d899130909db3e846c2111186dcef144dd3b

SHA256
49affd090e90d8f9500fde625e9a18216d358037766057efc02aed2efeec1c56

SHA512
31136eb14379cb72f0d376a9dc330c58780f66c3fdb5574e06194e4693b8cc28c37bd0de89c20461087eaa6c24e30b4eb1e16bb4530bfd03619f310a58b93fb5

Download Submit
C:\Program Files (x86)\CoverAO\Init\CovAoInit.ini

Filesize
731B

MD5
13c3bf1f1d35a1afb1fb90263c130a03

SHA1
bb7be9a29b1b058823d45da0f5dbc4896b6d29f2

SHA256
7276bff2e4244bc20ca6223bd3f868f1dfe0a749858ab6128d47c4970ab54900

SHA512
725de376fb125864b7b744250bd92b1c852f8be27790ea8bd617219d168b09ec933b3e77021941497122c20910ef3983f41496fc9c28135a922525eb104a5b1e

Download Submit
C:\Program Files (x86)\CoverAO\Recursos\Graficos.cao

Filesize
277.3MB

MD5
c282293ca96acfef98a84b7af0f262a3

SHA1
7a9c3b9829b25da6c4980ff05c0d54619fe68ec7

SHA256
c002ae49762235be79294234c27494edb49545ff856980085dda51f5f89ef02c

SHA512
d6bc97eb625c45657145625368ed48fdd36d716c272579e601a3a044266884f0b803f2b703e3a42b75aedfc17f7321e1b3514a45fc02175d70e2f25ae5f167e7

Download Submit
C:\Program Files (x86)\CoverAO\Recursos\armas.dat

Filesize
7KB

MD5
400e8538a75cd862e26cc9a18a3702d2

SHA1
df328c70df88cf10d4590d2f61102c7338883b37

SHA256
45ad47853c36cead35cf4daafb831b26f01ffb751cd100d0686bb027109539c8

SHA512
79b718ce0a4d17970b036e79f840e7e9d6ba040dc10312b20f5a165d9db90b99d6bfbcef4705c5577b2c87bc48dc98013cd704f7b5bfa16cd06330bcd809cd61

Download Submit
C:\Program Files (x86)\CoverAO\Recursos\auras.ini

Filesize
5KB

MD5
f5dec85f10d234b02114a2296168eff5

SHA1
e65df12b60e2593ae23969aa87f06ba2324d5ca9

SHA256
6d2ef4df178f704786cfa9e6d3b0d98aaab737b5769abbdf243d35dbe4b51e32

SHA512
fa68440057b330bab467feeffe968aa6059a4dde63fdb5d6c5792e9317675aa724dbe39ed1caf9869b678dec74dad96249619ea0bf5f17804603a15399af7ba1

Download Submit
C:\Program Files (x86)\CoverAO\Recursos\fonttypes.ind

Filesize
1KB

MD5
d0a0bc159bdc49cedb7cec0e298f63c6

SHA1
8e51d5fee2279da48d88df8c8c799158870d1084

SHA256
82bd4e037f96885dc43be3a36b01f482a2cbd3d9c29fb12c1f5ab5beec87a00d

SHA512
9d84df803b34216e982f58d4f118345b841cb0d597d3cc04022dd8362eb67d81f5ba19aee6999069edd3fa84d17f9ea92ec8e577c477927a4ea9e0d67d49642e

Download Submit
C:\Program Files (x86)\CoverAO\Recursos\locale_error_es.ind

Filesize
15KB

MD5
d24c400a6563bdb7ccdce5607652e347

SHA1
dff4085a6252b4a13d3a3113c4ed63de9ff282ca

SHA256
d90c03cc4db2d0806fc35010fdaf0a71f1552076b8c5231bdced673e262fc3c5

SHA512
286d0947da94eeb4c3eb12f0c6312d41a444603f477dc5e5c456ee88904266aa9d6d04426588e93588cb8a91dc45114c0def8fb39e81d79e671defcb2990c45c

Download Submit
C:\Program Files (x86)\CoverAO\is-I23S1.tmp

Filesize
10KB

MD5
cefd956a1ef122cda4d53007bab6c694

SHA1
b3e34e6b0c8beac8874d0b6414c5cfb5e0fb0b9f

SHA256
e31daad51d898d092145dd23783e979fad4ab087a9d877d21b250367f21f9200

SHA512
826d8966bfab4b56527608e4b0487b98420282f7fdd2e65c961781f14a8c9ed8e9a5beaec5c322f0fbe257645ba716247e2cff8f340e9361ea9399ec17874594

Download Submit
C:\Program Files (x86)\CoverAO\is-MIP76.tmp

Filesize
1.0MB

MD5
e52859fcb7a827cacfce7963184c7d24

SHA1
35c4ae05d90f610c0520933faaca2a8d39e1b2a1

SHA256
45b6eef5bbf223cf8ff78f5014b68a72f0bc2cceaed030dece0a1abacf88f1f8

SHA512
013e6bf4762b1f90650ee6a1cb275607d1cad9df481362f42606a37f3a6f63de5cd0cdb0e9739df141b58f67ac079cf27be4ffe4937371972dd14eae18c58a94

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SMOQD.tmp\CoverAOSetup.tmp

Filesize
1017KB

MD5
b9668b55d5cbfb1683c8855e01d126b6

SHA1
6db5b447a87898cef83ee3fac7f87421469e515b

SHA256
664ca66f612ba2829798d092fdb3ad9ed140cab5c22c44e85419801f60c8a2a5

SHA512
4bd94b74fd09f843075567a492a76047ac91f682d0bf284483097164eafd292284f13f6fdf14fad544c47fbc9a8bfe005ca975cf8334678b9c170df31c55bcde

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SMOQD.tmp\CoverAOSetup.tmp

Filesize
1017KB

MD5
b9668b55d5cbfb1683c8855e01d126b6

SHA1
6db5b447a87898cef83ee3fac7f87421469e515b

SHA256
664ca66f612ba2829798d092fdb3ad9ed140cab5c22c44e85419801f60c8a2a5

SHA512
4bd94b74fd09f843075567a492a76047ac91f682d0bf284483097164eafd292284f13f6fdf14fad544c47fbc9a8bfe005ca975cf8334678b9c170df31c55bcde

Download Submit
C:\Windows\SysWOW64\AOFX.DLL

Filesize
200KB

MD5
30872f62917115119f958ec5cd2b0639

SHA1
2ef65c916f7c5668f3a11cc8fdd3d589cc905a03

SHA256
872df909e79eeeb24ec740bbf00237a4ee44e78a8737260f4268b4ceb53cd104

SHA512
2486a5c8986d0b9cfdfe530f2d0b025ed73f594d905531fe96f88231ee35ef2e9203ac71f2da61a76cf4b291ff0108ae94648ad94d3fe9f3a7154b347a41f622

Download Submit
C:\Windows\SysWOW64\AOFX.DLL

Filesize
200KB

MD5
30872f62917115119f958ec5cd2b0639

SHA1
2ef65c916f7c5668f3a11cc8fdd3d589cc905a03

SHA256
872df909e79eeeb24ec740bbf00237a4ee44e78a8737260f4268b4ceb53cd104

SHA512
2486a5c8986d0b9cfdfe530f2d0b025ed73f594d905531fe96f88231ee35ef2e9203ac71f2da61a76cf4b291ff0108ae94648ad94d3fe9f3a7154b347a41f622

Download Submit
C:\Windows\SysWOW64\AOFX.DLL

Filesize
200KB

MD5
30872f62917115119f958ec5cd2b0639

SHA1
2ef65c916f7c5668f3a11cc8fdd3d589cc905a03

SHA256
872df909e79eeeb24ec740bbf00237a4ee44e78a8737260f4268b4ceb53cd104

SHA512
2486a5c8986d0b9cfdfe530f2d0b025ed73f594d905531fe96f88231ee35ef2e9203ac71f2da61a76cf4b291ff0108ae94648ad94d3fe9f3a7154b347a41f622

Download Submit
C:\Windows\SysWOW64\AOLIB.DLL

Filesize
20KB

MD5
91e6194561d3690a87993f3a8458d996

SHA1
fb9d7a56871c1d508b57db282d0169bb106855c6

SHA256
4f8c983e50bec081e4217cfcd23789b6749c2cad0d4df5136dff24c999f944fc

SHA512
baf7856ab18aa7dbe8bf807add7b124ce8fa7adce4845c2b1c87af874be8128fc8a1b65f9d5e503a86d62cc3ba6985814d265d610da8a0740d4f916b951e1496

Download Submit
C:\Windows\SysWOW64\AOLIB.DLL

Filesize
20KB

MD5
91e6194561d3690a87993f3a8458d996

SHA1
fb9d7a56871c1d508b57db282d0169bb106855c6

SHA256
4f8c983e50bec081e4217cfcd23789b6749c2cad0d4df5136dff24c999f944fc

SHA512
baf7856ab18aa7dbe8bf807add7b124ce8fa7adce4845c2b1c87af874be8128fc8a1b65f9d5e503a86d62cc3ba6985814d265d610da8a0740d4f916b951e1496

Download Submit
C:\Windows\SysWOW64\AOLIB.DLL

Filesize
20KB

MD5
91e6194561d3690a87993f3a8458d996

SHA1
fb9d7a56871c1d508b57db282d0169bb106855c6

SHA256
4f8c983e50bec081e4217cfcd23789b6749c2cad0d4df5136dff24c999f944fc

SHA512
baf7856ab18aa7dbe8bf807add7b124ce8fa7adce4845c2b1c87af874be8128fc8a1b65f9d5e503a86d62cc3ba6985814d265d610da8a0740d4f916b951e1496

Download Submit
C:\Windows\SysWOW64\DDEXv3.dll

Filesize
13KB

MD5
707f2bc690c2f8bea851d900cee44f94

SHA1
8a0098c4ab77d65d59a5b395778b45c5bac894fe

SHA256
b922053423d64dff7f8375973c3a79702f30c427ab751fc0b004d4bf615e8927

SHA512
12b904434a2a39a728a7c6b6405c0bab7f99e85dcc5840fe7842843fb7e42d96eb7080ff4c208bb42664b8acf05289b76471360e6970cfb3e80b6008df47b9bc

Download Submit
C:\Windows\SysWOW64\DDEXv3.dll

Filesize
13KB

MD5
707f2bc690c2f8bea851d900cee44f94

SHA1
8a0098c4ab77d65d59a5b395778b45c5bac894fe

SHA256
b922053423d64dff7f8375973c3a79702f30c427ab751fc0b004d4bf615e8927

SHA512
12b904434a2a39a728a7c6b6405c0bab7f99e85dcc5840fe7842843fb7e42d96eb7080ff4c208bb42664b8acf05289b76471360e6970cfb3e80b6008df47b9bc

Download Submit
C:\Windows\SysWOW64\DDEXv3.dll

Filesize
13KB

MD5
707f2bc690c2f8bea851d900cee44f94

SHA1
8a0098c4ab77d65d59a5b395778b45c5bac894fe

SHA256
b922053423d64dff7f8375973c3a79702f30c427ab751fc0b004d4bf615e8927

SHA512
12b904434a2a39a728a7c6b6405c0bab7f99e85dcc5840fe7842843fb7e42d96eb7080ff4c208bb42664b8acf05289b76471360e6970cfb3e80b6008df47b9bc

Download Submit
C:\Windows\SysWOW64\DDEx.dll

Filesize
60KB

MD5
c2c67eb17be991290b917bb1c486870d

SHA1
2f65b6fccf5d3ad6d4576208d546171672e11230

SHA256
1766ccc2f3e1ac6ffbf982329d1d0b3e28c1e032ac84fa6b16aa8493c39fa1a9

SHA512
53629373e3e4d45e440ab18354ca897b957ef30d9e41fa5429c47ee2cdca5ed593bdc4ecce01ff40ad1927983ee99dd0d9c13774288ae3ac255df6cdb0fe0a4c

Download Submit
C:\Windows\SysWOW64\DDEx.dll

Filesize
60KB

MD5
c2c67eb17be991290b917bb1c486870d

SHA1
2f65b6fccf5d3ad6d4576208d546171672e11230

SHA256
1766ccc2f3e1ac6ffbf982329d1d0b3e28c1e032ac84fa6b16aa8493c39fa1a9

SHA512
53629373e3e4d45e440ab18354ca897b957ef30d9e41fa5429c47ee2cdca5ed593bdc4ecce01ff40ad1927983ee99dd0d9c13774288ae3ac255df6cdb0fe0a4c

Download Submit
C:\Windows\SysWOW64\DDEx.dll

Filesize
60KB

MD5
c2c67eb17be991290b917bb1c486870d

SHA1
2f65b6fccf5d3ad6d4576208d546171672e11230

SHA256
1766ccc2f3e1ac6ffbf982329d1d0b3e28c1e032ac84fa6b16aa8493c39fa1a9

SHA512
53629373e3e4d45e440ab18354ca897b957ef30d9e41fa5429c47ee2cdca5ed593bdc4ecce01ff40ad1927983ee99dd0d9c13774288ae3ac255df6cdb0fe0a4c

Download Submit
C:\Windows\SysWOW64\LEEINIS.DLL

Filesize
26KB

MD5
8ea0e3f0f7acf5cae1441b14bb22bd5b

SHA1
444394f41354087a5603c2fc4ea628a19e4dbd20

SHA256
e43dc55b434f6f98e26c4701272d273d86d9808dedeb1541f91fc630bb3bfa42

SHA512
d30645a926547c8d00afc43ef4d9fd3e7d56a259cb97aa0e2c2e829db1633a5bbb6cccfa72a5d4f70c52c12658867c96576493125656b91a5aaa09387aed222b

Download Submit
C:\Windows\SysWOW64\LEEINIS.DLL

Filesize
26KB

MD5
8ea0e3f0f7acf5cae1441b14bb22bd5b

SHA1
444394f41354087a5603c2fc4ea628a19e4dbd20

SHA256
e43dc55b434f6f98e26c4701272d273d86d9808dedeb1541f91fc630bb3bfa42

SHA512
d30645a926547c8d00afc43ef4d9fd3e7d56a259cb97aa0e2c2e829db1633a5bbb6cccfa72a5d4f70c52c12658867c96576493125656b91a5aaa09387aed222b

Download Submit
C:\Windows\SysWOW64\LEEINIS.DLL

Filesize
26KB

MD5
8ea0e3f0f7acf5cae1441b14bb22bd5b

SHA1
444394f41354087a5603c2fc4ea628a19e4dbd20

SHA256
e43dc55b434f6f98e26c4701272d273d86d9808dedeb1541f91fc630bb3bfa42

SHA512
d30645a926547c8d00afc43ef4d9fd3e7d56a259cb97aa0e2c2e829db1633a5bbb6cccfa72a5d4f70c52c12658867c96576493125656b91a5aaa09387aed222b

Download Submit
C:\Windows\SysWOW64\LEEMAPAS.DLL

Filesize
22KB

MD5
1567a53deff8d618c6ce265d48b6136b

SHA1
728b89b747eeca20df2c53e3bbca477817d9b8ff

SHA256
911f26db2c7452e334dea6c0e31cbeceff1665ca6953b7f760fe78a497eea163

SHA512
aaf6c1c75c6e37c9d21bf991b633dca9b5e21898da20c9c2aa386a5cc35f60ae7e2a13f90769dc598d33bc8220ae7fc357ca3c179a2ec8f324d67afc2e8a4bfa

Download Submit
C:\Windows\SysWOW64\LEEMAPAS.DLL

Filesize
22KB

MD5
1567a53deff8d618c6ce265d48b6136b

SHA1
728b89b747eeca20df2c53e3bbca477817d9b8ff

SHA256
911f26db2c7452e334dea6c0e31cbeceff1665ca6953b7f760fe78a497eea163

SHA512
aaf6c1c75c6e37c9d21bf991b633dca9b5e21898da20c9c2aa386a5cc35f60ae7e2a13f90769dc598d33bc8220ae7fc357ca3c179a2ec8f324d67afc2e8a4bfa

Download Submit
C:\Windows\SysWOW64\LEEMAPAS.DLL

Filesize
22KB

MD5
1567a53deff8d618c6ce265d48b6136b

SHA1
728b89b747eeca20df2c53e3bbca477817d9b8ff

SHA256
911f26db2c7452e334dea6c0e31cbeceff1665ca6953b7f760fe78a497eea163

SHA512
aaf6c1c75c6e37c9d21bf991b633dca9b5e21898da20c9c2aa386a5cc35f60ae7e2a13f90769dc598d33bc8220ae7fc357ca3c179a2ec8f324d67afc2e8a4bfa

Download Submit
C:\Windows\SysWOW64\Msvbvm50.dll

Filesize
1.3MB

MD5
eac679185ad621eeace9b6b286372f27

SHA1
fba2529446d2955068d2268965a407d19ce3bf50

SHA256
4aef0066e8e4bad65018ec85d46b902303155ec2d8f049f3803e571005a90ff0

SHA512
8a9ac3ff45754466c794c37683537abaa5de66bce8cffeecafb98b8da2cb1651bed9e4870217cb94f5645b272b04e20705848d132fcd719ad9213fa5b9e50a81

Download Submit
C:\Windows\SysWOW64\Msvbvm50.dll

Filesize
1.3MB

MD5
eac679185ad621eeace9b6b286372f27

SHA1
fba2529446d2955068d2268965a407d19ce3bf50

SHA256
4aef0066e8e4bad65018ec85d46b902303155ec2d8f049f3803e571005a90ff0

SHA512
8a9ac3ff45754466c794c37683537abaa5de66bce8cffeecafb98b8da2cb1651bed9e4870217cb94f5645b272b04e20705848d132fcd719ad9213fa5b9e50a81

Download Submit
C:\Windows\SysWOW64\Msvbvm50.dll

Filesize
1.3MB

MD5
eac679185ad621eeace9b6b286372f27

SHA1
fba2529446d2955068d2268965a407d19ce3bf50

SHA256
4aef0066e8e4bad65018ec85d46b902303155ec2d8f049f3803e571005a90ff0

SHA512
8a9ac3ff45754466c794c37683537abaa5de66bce8cffeecafb98b8da2cb1651bed9e4870217cb94f5645b272b04e20705848d132fcd719ad9213fa5b9e50a81

Download Submit
C:\Windows\SysWOW64\TstDll.dll

Filesize
25KB

MD5
978fefa7cb1d5f840390697f66c9cbfc

SHA1
18dc743c4519ff4b7122f26ea337341e2ee29d2b

SHA256
643daec1ba0c3c9a132b1140b46cdb24f0677b863b814c64178bd23ccab2c5c3

SHA512
87b64fde9ee62a13b3ea4114280e145bb68fe811a71c09527b87f6b9a085bedfcfdefddbf4d750fb4234c357d28434edcd4ecdcdd5ae607d2d14dba8908dadfc

Download Submit
C:\Windows\SysWOW64\TstDll.dll

Filesize
25KB

MD5
978fefa7cb1d5f840390697f66c9cbfc

SHA1
18dc743c4519ff4b7122f26ea337341e2ee29d2b

SHA256
643daec1ba0c3c9a132b1140b46cdb24f0677b863b814c64178bd23ccab2c5c3

SHA512
87b64fde9ee62a13b3ea4114280e145bb68fe811a71c09527b87f6b9a085bedfcfdefddbf4d750fb4234c357d28434edcd4ecdcdd5ae607d2d14dba8908dadfc

Download Submit
C:\Windows\SysWOW64\TstDll.dll

Filesize
25KB

MD5
978fefa7cb1d5f840390697f66c9cbfc

SHA1
18dc743c4519ff4b7122f26ea337341e2ee29d2b

SHA256
643daec1ba0c3c9a132b1140b46cdb24f0677b863b814c64178bd23ccab2c5c3

SHA512
87b64fde9ee62a13b3ea4114280e145bb68fe811a71c09527b87f6b9a085bedfcfdefddbf4d750fb4234c357d28434edcd4ecdcdd5ae607d2d14dba8908dadfc

Download Submit
C:\Windows\SysWOW64\Unzip32.dll

Filesize
140KB

MD5
90c34787f181708dc15233e06a275cbe

SHA1
94bbbeede65e4c51c3c2435ad4a0378627e8a412

SHA256
6343b6c89d9dce1dd0c320d68a650ed053e31d3eecea75d376947c4cec222ff6

SHA512
eedc45e715a4232b5dab9b3d95ddec6ce526cc410066991e3dc3d26e4b2c68bae3b3e00096af2852a395c19363dbbe552b7795a330c357149a08e9c5ac391483

Download Submit
C:\Windows\SysWOW64\Unzip32.dll

Filesize
140KB

MD5
90c34787f181708dc15233e06a275cbe

SHA1
94bbbeede65e4c51c3c2435ad4a0378627e8a412

SHA256
6343b6c89d9dce1dd0c320d68a650ed053e31d3eecea75d376947c4cec222ff6

SHA512
eedc45e715a4232b5dab9b3d95ddec6ce526cc410066991e3dc3d26e4b2c68bae3b3e00096af2852a395c19363dbbe552b7795a330c357149a08e9c5ac391483

Download Submit
C:\Windows\SysWOW64\aamd532.dll

Filesize
10KB

MD5
cefd956a1ef122cda4d53007bab6c694

SHA1
b3e34e6b0c8beac8874d0b6414c5cfb5e0fb0b9f

SHA256
e31daad51d898d092145dd23783e979fad4ab087a9d877d21b250367f21f9200

SHA512
826d8966bfab4b56527608e4b0487b98420282f7fdd2e65c961781f14a8c9ed8e9a5beaec5c322f0fbe257645ba716247e2cff8f340e9361ea9399ec17874594

Download Submit
C:\Windows\SysWOW64\aamd532.dll

Filesize
10KB

MD5
cefd956a1ef122cda4d53007bab6c694

SHA1
b3e34e6b0c8beac8874d0b6414c5cfb5e0fb0b9f

SHA256
e31daad51d898d092145dd23783e979fad4ab087a9d877d21b250367f21f9200

SHA512
826d8966bfab4b56527608e4b0487b98420282f7fdd2e65c961781f14a8c9ed8e9a5beaec5c322f0fbe257645ba716247e2cff8f340e9361ea9399ec17874594

Download Submit
C:\Windows\SysWOW64\aamd532.dll

Filesize
10KB

MD5
cefd956a1ef122cda4d53007bab6c694

SHA1
b3e34e6b0c8beac8874d0b6414c5cfb5e0fb0b9f

SHA256
e31daad51d898d092145dd23783e979fad4ab087a9d877d21b250367f21f9200

SHA512
826d8966bfab4b56527608e4b0487b98420282f7fdd2e65c961781f14a8c9ed8e9a5beaec5c322f0fbe257645ba716247e2cff8f340e9361ea9399ec17874594

Download Submit
C:\Windows\SysWOW64\dx7vb.dll

Filesize
604KB

MD5
d9c8d1875bb39f8cee7c829f2ff719e8

SHA1
d17ed8f8a1aca800ec3446b7723363490a269a81

SHA256
10a75e490fd192533c6907cd8159c4911258cffdfc557dc35d3dd49c0b813f17

SHA512
c29ec047c2c533e08e5982a0f1e6c6636b8061557b3296ae43ebd46e61eb4e88f1b823a3d195be2d5cc3cf2e90c27994c673185312b8f1dcf371b4af99b831f3

Download Submit
C:\Windows\SysWOW64\dx7vb.dll

Filesize
604KB

MD5
d9c8d1875bb39f8cee7c829f2ff719e8

SHA1
d17ed8f8a1aca800ec3446b7723363490a269a81

SHA256
10a75e490fd192533c6907cd8159c4911258cffdfc557dc35d3dd49c0b813f17

SHA512
c29ec047c2c533e08e5982a0f1e6c6636b8061557b3296ae43ebd46e61eb4e88f1b823a3d195be2d5cc3cf2e90c27994c673185312b8f1dcf371b4af99b831f3

Download Submit
C:\Windows\SysWOW64\dx7vb.dll

Filesize
604KB

MD5
d9c8d1875bb39f8cee7c829f2ff719e8

SHA1
d17ed8f8a1aca800ec3446b7723363490a269a81

SHA256
10a75e490fd192533c6907cd8159c4911258cffdfc557dc35d3dd49c0b813f17

SHA512
c29ec047c2c533e08e5982a0f1e6c6636b8061557b3296ae43ebd46e61eb4e88f1b823a3d195be2d5cc3cf2e90c27994c673185312b8f1dcf371b4af99b831f3

Download Submit
C:\Windows\SysWOW64\dx8vb.dll

Filesize
1.2MB

MD5
63d4341ff59015a91d3a2aefb94e2deb

SHA1
0c41a54567f4fb3be1b8fcf09bd66f0558535bcc

SHA256
74ac3a4c95510ad7b9c885edb8630cb2c132128d71b43b3f56567a18a5026747

SHA512
baea5e7796f9d1b89e29ec1f099161ffc617e3694bff35b54f895c00697dc2135ae5b0edbe7b12606067e68623efeb51b43694c107322320cab7e1499c0cb125

Download Submit
C:\Windows\SysWOW64\dx8vb.dll

Filesize
1.2MB

MD5
63d4341ff59015a91d3a2aefb94e2deb

SHA1
0c41a54567f4fb3be1b8fcf09bd66f0558535bcc

SHA256
74ac3a4c95510ad7b9c885edb8630cb2c132128d71b43b3f56567a18a5026747

SHA512
baea5e7796f9d1b89e29ec1f099161ffc617e3694bff35b54f895c00697dc2135ae5b0edbe7b12606067e68623efeb51b43694c107322320cab7e1499c0cb125

Download Submit
C:\Windows\SysWOW64\dx8vb.dll

Filesize
1.2MB

MD5
63d4341ff59015a91d3a2aefb94e2deb

SHA1
0c41a54567f4fb3be1b8fcf09bd66f0558535bcc

SHA256
74ac3a4c95510ad7b9c885edb8630cb2c132128d71b43b3f56567a18a5026747

SHA512
baea5e7796f9d1b89e29ec1f099161ffc617e3694bff35b54f895c00697dc2135ae5b0edbe7b12606067e68623efeb51b43694c107322320cab7e1499c0cb125

Download Submit
C:\Windows\SysWOW64\ijl11.dll

Filesize
176KB

MD5
a0ce0247d48fecaac607edb1e2d87fd8

SHA1
346bf586bdf6ae4181c685fa74adf4524328d469

SHA256
5a0b1c4e5d91fd67a1ad23e5ce869899b79a7282cb6e5533dc5c074eb59306ec

SHA512
38a03530dfafe3030ece87dad7af28baff8e79f87618f1510bcb5b7f994632745dc70f9062ba6bdbcd408062786bbb3c37a53c21423d1f172663d9e57c232986

Download Submit
C:\Windows\SysWOW64\ijl11.dll

Filesize
176KB

MD5
a0ce0247d48fecaac607edb1e2d87fd8

SHA1
346bf586bdf6ae4181c685fa74adf4524328d469

SHA256
5a0b1c4e5d91fd67a1ad23e5ce869899b79a7282cb6e5533dc5c074eb59306ec

SHA512
38a03530dfafe3030ece87dad7af28baff8e79f87618f1510bcb5b7f994632745dc70f9062ba6bdbcd408062786bbb3c37a53c21423d1f172663d9e57c232986

Download Submit
C:\Windows\SysWOW64\ijl11.dll

Filesize
176KB

MD5
a0ce0247d48fecaac607edb1e2d87fd8

SHA1
346bf586bdf6ae4181c685fa74adf4524328d469

SHA256
5a0b1c4e5d91fd67a1ad23e5ce869899b79a7282cb6e5533dc5c074eb59306ec

SHA512
38a03530dfafe3030ece87dad7af28baff8e79f87618f1510bcb5b7f994632745dc70f9062ba6bdbcd408062786bbb3c37a53c21423d1f172663d9e57c232986

Download Submit
C:\Windows\SysWOW64\msstdfmt.dll

Filesize
127KB

MD5
1e27a0f62ebe8277c61b89c3747cc45d

SHA1
2418d725f55e885fed3248b39e7084f0de8a4dec

SHA256
74ef23860b9ed15587eae06670e83abac1928b502dad244875713d127d83a1df

SHA512
c174d7feef36c1e9150952169891ab368d60ecbd0780906b1eb671b96bceeca44f91688ba19705964e3afec002dfecfc664e196d4b58cfd320d28b927210aadb

Download Submit
C:\Windows\SysWOW64\msstdfmt.dll

Filesize
127KB

MD5
1e27a0f62ebe8277c61b89c3747cc45d

SHA1
2418d725f55e885fed3248b39e7084f0de8a4dec

SHA256
74ef23860b9ed15587eae06670e83abac1928b502dad244875713d127d83a1df

SHA512
c174d7feef36c1e9150952169891ab368d60ecbd0780906b1eb671b96bceeca44f91688ba19705964e3afec002dfecfc664e196d4b58cfd320d28b927210aadb

Download Submit
C:\Windows\SysWOW64\msstdfmt.dll

Filesize
127KB

MD5
1e27a0f62ebe8277c61b89c3747cc45d

SHA1
2418d725f55e885fed3248b39e7084f0de8a4dec

SHA256
74ef23860b9ed15587eae06670e83abac1928b502dad244875713d127d83a1df

SHA512
c174d7feef36c1e9150952169891ab368d60ecbd0780906b1eb671b96bceeca44f91688ba19705964e3afec002dfecfc664e196d4b58cfd320d28b927210aadb

Download Submit
C:\Windows\SysWOW64\vbDABL.dll

Filesize
204KB

MD5
7add5d0f3cd5ecce971d35ca0033c66f

SHA1
d4f9bd05bfd6b9846a04d09a305b9f17b5e21b61

SHA256
a2e871822db14fe1af1ace8554991052001186bfed6e6225577d325384498507

SHA512
79a67cd56dfd3f85d443c0e28da56c50224bbe31e7b18d3cc8a4f6a96ed2c4754f6d3c327ffe7e4d8a7e5107950c1ec750f49301797f21c0acb4cc39aff7d97a

Download Submit
C:\Windows\SysWOW64\vbDABL.dll

Filesize
204KB

MD5
7add5d0f3cd5ecce971d35ca0033c66f

SHA1
d4f9bd05bfd6b9846a04d09a305b9f17b5e21b61

SHA256
a2e871822db14fe1af1ace8554991052001186bfed6e6225577d325384498507

SHA512
79a67cd56dfd3f85d443c0e28da56c50224bbe31e7b18d3cc8a4f6a96ed2c4754f6d3c327ffe7e4d8a7e5107950c1ec750f49301797f21c0acb4cc39aff7d97a

Download Submit
C:\Windows\SysWOW64\vbabdx.dll

Filesize
44KB

MD5
4855f8357cd07932d51947ca0bcd1aee

SHA1
66231e4385f40a32a517d331134161d60bdf789d

SHA256
4e45f13ef6e24ef4c034844e30b3b14394276509f1cc3aed3c45613424a63615

SHA512
cfa0a28d495038a45a177b8a8aff6712c6183158392741deed462b53a6dc7a4f4aeb512622fdb97bf305dce60332183e5ef21b0bef7220b484aefa5d0c69be7d

Download Submit
C:\Windows\SysWOW64\vbabdx.dll

Filesize
44KB

MD5
4855f8357cd07932d51947ca0bcd1aee

SHA1
66231e4385f40a32a517d331134161d60bdf789d

SHA256
4e45f13ef6e24ef4c034844e30b3b14394276509f1cc3aed3c45613424a63615

SHA512
cfa0a28d495038a45a177b8a8aff6712c6183158392741deed462b53a6dc7a4f4aeb512622fdb97bf305dce60332183e5ef21b0bef7220b484aefa5d0c69be7d

Download Submit
C:\Windows\SysWOW64\zlib.dll

Filesize
72KB

MD5
4efaa53c545f4ffb1ee0ed1709c15ea7

SHA1
076b2d31e24fe8cfb56f9c292fd6ca1402be79b2

SHA256
21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00

SHA512
7fa8c0954729ea14fdceb788393c3de6e139fc4c480b84183863f62afacec2d6bbc0993b601a4a74c87bc89338b627dc37a18be309d090bae880ea10ab9d7314

Download Submit
C:\Windows\SysWOW64\zlib.dll

Filesize
72KB

MD5
4efaa53c545f4ffb1ee0ed1709c15ea7

SHA1
076b2d31e24fe8cfb56f9c292fd6ca1402be79b2

SHA256
21582b3a68e8753322a1b1c7e550ae7fd305de4935de68fbde9f87570f484d00

SHA512
7fa8c0954729ea14fdceb788393c3de6e139fc4c480b84183863f62afacec2d6bbc0993b601a4a74c87bc89338b627dc37a18be309d090bae880ea10ab9d7314

Download Submit
C:\Windows\system32\AOFX.DLL

Filesize
200KB

MD5
30872f62917115119f958ec5cd2b0639

SHA1
2ef65c916f7c5668f3a11cc8fdd3d589cc905a03

SHA256
872df909e79eeeb24ec740bbf00237a4ee44e78a8737260f4268b4ceb53cd104

SHA512
2486a5c8986d0b9cfdfe530f2d0b025ed73f594d905531fe96f88231ee35ef2e9203ac71f2da61a76cf4b291ff0108ae94648ad94d3fe9f3a7154b347a41f622

Download Submit
C:\Windows\system32\AOLIB.DLL

Filesize
20KB

MD5
91e6194561d3690a87993f3a8458d996

SHA1
fb9d7a56871c1d508b57db282d0169bb106855c6

SHA256
4f8c983e50bec081e4217cfcd23789b6749c2cad0d4df5136dff24c999f944fc

SHA512
baf7856ab18aa7dbe8bf807add7b124ce8fa7adce4845c2b1c87af874be8128fc8a1b65f9d5e503a86d62cc3ba6985814d265d610da8a0740d4f916b951e1496

Download Submit
C:\Windows\system32\DDEXv3.dll

Filesize
13KB

MD5
707f2bc690c2f8bea851d900cee44f94

SHA1
8a0098c4ab77d65d59a5b395778b45c5bac894fe

SHA256
b922053423d64dff7f8375973c3a79702f30c427ab751fc0b004d4bf615e8927

SHA512
12b904434a2a39a728a7c6b6405c0bab7f99e85dcc5840fe7842843fb7e42d96eb7080ff4c208bb42664b8acf05289b76471360e6970cfb3e80b6008df47b9bc

Download Submit
C:\Windows\system32\DDEx.dll

Filesize
60KB

MD5
c2c67eb17be991290b917bb1c486870d

SHA1
2f65b6fccf5d3ad6d4576208d546171672e11230

SHA256
1766ccc2f3e1ac6ffbf982329d1d0b3e28c1e032ac84fa6b16aa8493c39fa1a9

SHA512
53629373e3e4d45e440ab18354ca897b957ef30d9e41fa5429c47ee2cdca5ed593bdc4ecce01ff40ad1927983ee99dd0d9c13774288ae3ac255df6cdb0fe0a4c

Download Submit
C:\Windows\system32\LEEINIS.DLL

Filesize
26KB

MD5
8ea0e3f0f7acf5cae1441b14bb22bd5b

SHA1
444394f41354087a5603c2fc4ea628a19e4dbd20

SHA256
e43dc55b434f6f98e26c4701272d273d86d9808dedeb1541f91fc630bb3bfa42

SHA512
d30645a926547c8d00afc43ef4d9fd3e7d56a259cb97aa0e2c2e829db1633a5bbb6cccfa72a5d4f70c52c12658867c96576493125656b91a5aaa09387aed222b

Download Submit
C:\Windows\system32\LEEMAPAS.DLL

Filesize
22KB

MD5
1567a53deff8d618c6ce265d48b6136b

SHA1
728b89b747eeca20df2c53e3bbca477817d9b8ff

SHA256
911f26db2c7452e334dea6c0e31cbeceff1665ca6953b7f760fe78a497eea163

SHA512
aaf6c1c75c6e37c9d21bf991b633dca9b5e21898da20c9c2aa386a5cc35f60ae7e2a13f90769dc598d33bc8220ae7fc357ca3c179a2ec8f324d67afc2e8a4bfa

Download Submit
C:\Windows\system32\Msvbvm50.dll

Filesize
1.3MB

MD5
eac679185ad621eeace9b6b286372f27

SHA1
fba2529446d2955068d2268965a407d19ce3bf50

SHA256
4aef0066e8e4bad65018ec85d46b902303155ec2d8f049f3803e571005a90ff0

SHA512
8a9ac3ff45754466c794c37683537abaa5de66bce8cffeecafb98b8da2cb1651bed9e4870217cb94f5645b272b04e20705848d132fcd719ad9213fa5b9e50a81

Download Submit
C:\Windows\system32\TstDll.dll

Filesize
25KB

MD5
978fefa7cb1d5f840390697f66c9cbfc

SHA1
18dc743c4519ff4b7122f26ea337341e2ee29d2b

SHA256
643daec1ba0c3c9a132b1140b46cdb24f0677b863b814c64178bd23ccab2c5c3

SHA512
87b64fde9ee62a13b3ea4114280e145bb68fe811a71c09527b87f6b9a085bedfcfdefddbf4d750fb4234c357d28434edcd4ecdcdd5ae607d2d14dba8908dadfc

Download Submit
C:\Windows\system32\aamd532.dll

Filesize
10KB

MD5
cefd956a1ef122cda4d53007bab6c694

SHA1
b3e34e6b0c8beac8874d0b6414c5cfb5e0fb0b9f

SHA256
e31daad51d898d092145dd23783e979fad4ab087a9d877d21b250367f21f9200

SHA512
826d8966bfab4b56527608e4b0487b98420282f7fdd2e65c961781f14a8c9ed8e9a5beaec5c322f0fbe257645ba716247e2cff8f340e9361ea9399ec17874594

Download Submit
C:\Windows\system32\dx7vb.dll

Filesize
604KB

MD5
d9c8d1875bb39f8cee7c829f2ff719e8

SHA1
d17ed8f8a1aca800ec3446b7723363490a269a81

SHA256
10a75e490fd192533c6907cd8159c4911258cffdfc557dc35d3dd49c0b813f17

SHA512
c29ec047c2c533e08e5982a0f1e6c6636b8061557b3296ae43ebd46e61eb4e88f1b823a3d195be2d5cc3cf2e90c27994c673185312b8f1dcf371b4af99b831f3

Download Submit
C:\Windows\system32\dx8vb.dll

Filesize
1.2MB

MD5
63d4341ff59015a91d3a2aefb94e2deb

SHA1
0c41a54567f4fb3be1b8fcf09bd66f0558535bcc

SHA256
74ac3a4c95510ad7b9c885edb8630cb2c132128d71b43b3f56567a18a5026747

SHA512
baea5e7796f9d1b89e29ec1f099161ffc617e3694bff35b54f895c00697dc2135ae5b0edbe7b12606067e68623efeb51b43694c107322320cab7e1499c0cb125

Download Submit
C:\Windows\system32\ijl11.dll

Filesize
176KB

MD5
a0ce0247d48fecaac607edb1e2d87fd8

SHA1
346bf586bdf6ae4181c685fa74adf4524328d469

SHA256
5a0b1c4e5d91fd67a1ad23e5ce869899b79a7282cb6e5533dc5c074eb59306ec

SHA512
38a03530dfafe3030ece87dad7af28baff8e79f87618f1510bcb5b7f994632745dc70f9062ba6bdbcd408062786bbb3c37a53c21423d1f172663d9e57c232986

Download Submit
C:\Windows\system32\msstdfmt.dll

Filesize
127KB

MD5
1e27a0f62ebe8277c61b89c3747cc45d

SHA1
2418d725f55e885fed3248b39e7084f0de8a4dec

SHA256
74ef23860b9ed15587eae06670e83abac1928b502dad244875713d127d83a1df

SHA512
c174d7feef36c1e9150952169891ab368d60ecbd0780906b1eb671b96bceeca44f91688ba19705964e3afec002dfecfc664e196d4b58cfd320d28b927210aadb

Download Submit
C:\Windows\system32\msvbvm60.dll

Filesize
1.4MB

MD5
25f62c02619174b35851b0e0455b3d94

SHA1
4e8ee85157f1769f6e3f61c0acbe59072209da71

SHA256
898288bd3b21d0e7d5f406df2e0b69a5bbfa4f241baf29a2cdf8a3cf4d4619f2

SHA512
f4529fd9eca4e4696f7f06874866ff98a1447a9b0d3a20ef0de54d4d694e2497fd39c452f73fab9b8a02962a7b2b88d1e85f6e35c7cbcb9555003c6828bebc3a

Download Submit
C:\Windows\system32\olepro32.dll

Filesize
88KB

MD5
703ffd301ab900b047337c5d40fd6f96

SHA1
69de438ca22afa4ecf5f25edcdc3088f386f9552

SHA256
c09909b89183b89ba87cac8c5bebd0e995c5cb08cc9b9d1e88352103ee958857

SHA512
3fdaa351f6b8aa53b382b829637dc2ab1bbf14ca98619ef41e571b701379d3a727e32d36c05a6cf798fb81796298768f2ac7811ee9c00c8f6e6c8191ec85a605

Download Submit
memory/1212-317-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-195-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-6-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1212-9-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-328-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-10-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1212-165-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-314-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-167-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-309-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-169-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-203-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-197-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-171-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-193-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-191-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-189-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-187-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-185-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/1212-183-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/2592-312-0x0000000001410000-0x0000000001437000-memory.dmp

Filesize
156KB

Download
memory/2832-329-0x0000000002D00000-0x0000000002D27000-memory.dmp

Filesize
156KB

Download
memory/2832-361-0x00000000051E0000-0x0000000005205000-memory.dmp

Filesize
148KB

Download
memory/2952-330-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/2952-1-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/2952-8-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/3488-416-0x0000000002590000-0x00000000025B7000-memory.dmp

Filesize
156KB

Download
memory/4468-281-0x0000000000C40000-0x0000000000C67000-memory.dmp

Filesize
156KB

Download