e3fed0354551cb46c7e37a6ef6ac6f4032c941a68e51abe41801e7355c951b47

Analysis

max time kernel
150s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20231201-en
resource tags

arch:x64arch:x86image:win10v2004-20231201-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 02:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

641926cd5b22c12d07377bfb0efce1b1.exe
Size

76KB
MD5

641926cd5b22c12d07377bfb0efce1b1
SHA1

2cda93feb643ba10aed6fba6716164f6690e9c5c
SHA256

e3fed0354551cb46c7e37a6ef6ac6f4032c941a68e51abe41801e7355c951b47
SHA512

3c5f88de15dc3e6579d9019471f0a035c9b73bc7eec9210c7c8cb2dc9c4eda951a85a647a871b1d07135db4a826474bda5df7ce7226305561906f349d4ebba91
SSDEEP

768:rm6sBSb82S1pCD4UGitYBOgxu6Ux3W/fZSMvKBvNSaE0RzpprXT+vg1uhslzpdOz:rmCb82Qo7t4pjh1vegGzLDFr4sSDe9O

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2192493100-457715857-1189582111-1000\Control Panel\International\Geo\Nation	641926cd5b22c12d07377bfb0efce1b1.exe

Executes dropped EXE 1 IoCs

pid	Process
1580	dismhost.exe

Loads dropped DLL 5 IoCs

pid	Process
1580	dismhost.exe
1580	dismhost.exe
1580	dismhost.exe
1580	dismhost.exe
1580	dismhost.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagwrn.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setupact.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagerr.xml	cleanmgr.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	cleanmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 36 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
1368	taskkill.exe
4520	taskkill.exe
220	taskkill.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe
4576	641926cd5b22c12d07377bfb0efce1b1.exe

Suspicious use of AdjustPrivilegeToken 31 IoCs

description	pid	Process
Token: SeDebugPrivilege	1368	taskkill.exe
Token: SeDebugPrivilege	4520	taskkill.exe
Token: SeDebugPrivilege	220	taskkill.exe
Token: SeBackupPrivilege	1580	dismhost.exe
Token: SeRestorePrivilege	1580	dismhost.exe
Token: SeTakeOwnershipPrivilege	1580	dismhost.exe
Token: SeSecurityPrivilege	1580	dismhost.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe
Token: SeManageVolumePrivilege	4996	cleanmgr.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 464	4576	641926cd5b22c12d07377bfb0efce1b1.exe	93
PID 4576 wrote to memory of 464	4576	641926cd5b22c12d07377bfb0efce1b1.exe	93
PID 4576 wrote to memory of 4120	4576	641926cd5b22c12d07377bfb0efce1b1.exe	92
PID 4576 wrote to memory of 4120	4576	641926cd5b22c12d07377bfb0efce1b1.exe	92
PID 4120 wrote to memory of 1368	4120	cmd.exe	91
PID 4120 wrote to memory of 1368	4120	cmd.exe	91
PID 4576 wrote to memory of 880	4576	641926cd5b22c12d07377bfb0efce1b1.exe	95
PID 4576 wrote to memory of 880	4576	641926cd5b22c12d07377bfb0efce1b1.exe	95
PID 880 wrote to memory of 4520	880	cmd.exe	96
PID 880 wrote to memory of 4520	880	cmd.exe	96
PID 4576 wrote to memory of 372	4576	641926cd5b22c12d07377bfb0efce1b1.exe	98
PID 4576 wrote to memory of 372	4576	641926cd5b22c12d07377bfb0efce1b1.exe	98
PID 372 wrote to memory of 220	372	cmd.exe	97
PID 372 wrote to memory of 220	372	cmd.exe	97
PID 4576 wrote to memory of 3456	4576	641926cd5b22c12d07377bfb0efce1b1.exe	105
PID 4576 wrote to memory of 3456	4576	641926cd5b22c12d07377bfb0efce1b1.exe	105
PID 4576 wrote to memory of 4996	4576	641926cd5b22c12d07377bfb0efce1b1.exe	106
PID 4576 wrote to memory of 4996	4576	641926cd5b22c12d07377bfb0efce1b1.exe	106
PID 4996 wrote to memory of 1580	4996	cleanmgr.exe	108
PID 4996 wrote to memory of 1580	4996	cleanmgr.exe	108

C:\Users\Admin\AppData\Local\Temp\641926cd5b22c12d07377bfb0efce1b1.exe
"C:\Users\Admin\AppData\Local\Temp\641926cd5b22c12d07377bfb0efce1b1.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im RobloxPlayerBeta.exe >nul 2>61
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OneDrive.exe >nul 2>61
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:880
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OneDrive.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4520
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im RobloxPlayerInstaller.exe >nul 2>61
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3456
- C:\Windows\System32\cleanmgr.exe
  "C:\Windows\System32\cleanmgr.exe" /sagerun:65535
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4996
- - C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\dismhost.exe
    C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\dismhost.exe {12EE10F1-0D3B-4FE2-AEFA-2CF67F47669A}
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1580

C:\Windows\system32\taskkill.exe
taskkill /f /im RobloxPlayerBeta.exe
1⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1368

C:\Windows\system32\taskkill.exe
taskkill /f /im RobloxPlayerInstaller.exe
1⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\61

Filesize
59B

MD5
acbeec6e7fb744fa9bff0835ae5470f7

SHA1
7ca17a41618e273d65a2f85a472f2470930d606b

SHA256
08f52fa58df2e790ee12a71a0268005504bedd0e2cf6bffda939ab11c14e4bbe

SHA512
85ec0cbd9da5a03de6380b6f8ac1bdf1c9931f2c4e91c43cc93f5453eb7b3b018a76f78d0eb72cfa8475e20397999993525d16c937a9e18959caefcd5380481f

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\AppxProvider.dll

Filesize
1KB

MD5
5fc6576cbe608bd7eef674cfecb3ffd7

SHA1
547137ac68513883d1b632e7c2d647c0defce9c4

SHA256
f16ad7592d5b3bf97b058b62305b87c8624f9f1809bf6c45fb3076bc77f7ff30

SHA512
61e0e65ae958210c1e1686a19fd5bbaf52378526b28e233abe91603851cdfb949d22fd49108240940a47b7ee15282253eccb953044c3e602dbc769d02862cf32

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\AssocProvider.dll

Filesize
21KB

MD5
ef22d859a20019a17594b51176c77342

SHA1
2b8b052f90b183cc60623a35b6756e91979a9273

SHA256
5b3e3eb45e67d62ca6fc4b364931027a7e5bf5253bec1459b164a80557eb349d

SHA512
8f4bf37e959edf96eb99d39ebcc8a6c2a22466f35ca9c1faa7936f18dae1bfcd701c97eb8c7fbcc705fcbeed13afda2a25aa86b60dbf439c19e6782623942d6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\CbsProvider.dll

Filesize
31KB

MD5
81d4fc2818328fe1c91e58f8e874cf82

SHA1
00d5ec22435faab4bd5e0b0ad74dae0f6e39026e

SHA256
5f33e35f5189adb048d91ed5ce30859f3745fd1ca8767761de13f2440f0922b7

SHA512
50649e51ec368f2e22441a9013e2545af24ba517d0b0ea33bb5b5134d6e7b1b05245a84790af1a7a2f1c91db0046c3f84535d664a00f242eb376d5f745fcb2c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\CbsProvider.dll

Filesize
16KB

MD5
a29e66b75d36d42115bd7a8c20a41d31

SHA1
bb9e31298921b980e36b90729984bec4fc65bd40

SHA256
d03fdda8d7d875a01b0d750dff9034da8a61cc34c7f658d05d5e6d0dae3caa38

SHA512
c7ac534e114797f2370bb52f46f7eb953273dd145fc3418db00915f978f055f57d0c0af4f89a45cda6e687563f7594d85afbeab5708a434c5c677768752704ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\DismCore.dll

Filesize
2KB

MD5
9f563ed31e3c7ad405692bbfe2d90096

SHA1
4335dc0424f319338425ed396aa93df421deac5e

SHA256
4a198f09c329cd8ba615356429ec6a17dbf15fc9a50fc35605572a3552c4e567

SHA512
d51fc231295ad41baff0eb21d1a6ef6140d9abc312b08ac41287b4029899582ad7f0c97ea7b0f6feed9381332db0b74fb59f4fa805489cdc00015686b9e4dece

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\DismCorePS.dll

Filesize
100KB

MD5
16795df9cdad960c67e9bbab36ba28f6

SHA1
f865a9d903da9678ae9732bf935d9247f033a9de

SHA256
b612406251b25d934f2b9ccbd2c8357322d01cb8c2f145f54a4bd0b6c47a329b

SHA512
7c8fe790711ccb5dd06907ad04709ab3dc8e5b3c3885f0b5b5adbd0952b711c3b8edd54f52c2a546b899e4254edcd4ec1df9c888020db4fe395be40dabe82cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\DismCorePS.dll

Filesize
80KB

MD5
7b11679a1f1ee5357804ab08dcafa8dc

SHA1
0e6b149c7a7077ef2a901bbb15ca22a16827977f

SHA256
5b66fbc5a12c1883407ab8d1463b2077a7bd5f42b44f6ac075275e1e7428e8ef

SHA512
61c468c290d45619d6b38c034618b895581a80359ecd274d6d524a4f2364d41fb968956a693e407840bc47645b1c2e4fd81691be36fcebbd3b9e0dfed8e0cdc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\DismHost.exe

Filesize
51KB

MD5
c7f2970d1a83550c20a3622beda71bb7

SHA1
2ded246d8a8a765be82ad5c24be5913f468bcdf0

SHA256
e9c3be1e76d0b2c003b16564580999ff0de1cfe45c9b7085dc27685307c1e09c

SHA512
bb189bf8148eb0d43655a509db12b6fbec4ab46de9680041fe6cee52792caaa39353c7024be07b58a69d64c2aa73a15ebaa32615a0c88275cccbb057c4ac5b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\DismProv.dll

Filesize
72KB

MD5
fadcfe7f4f1f14d638a6d95d5a008d00

SHA1
b0bb3ebfb0bbed2844cfe47fe6f5fe691c59734a

SHA256
cc77ad5a9dbaa08eb3566ec5ec57f3a3a48cff6de759a6b2f19f48d5114b7f94

SHA512
032cbefa592947b96ef4c32deec9dd64ade9687a52a6f8c95b484059944489fcc328c213bc1ec64b8237883f2366738448f6f7f41c860e22d42bf01dc37a0338

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\DmiProvider.dll

Filesize
222B

MD5
25b1e896e593d8efc6568189aa155f64

SHA1
0c808385e36d40cca95216a7711455ded1137a56

SHA256
23e4a8a922ba4c02630f3873e79a656015e3254359b18a2a0fb06e1ba3d9d333

SHA512
b4375507cac980a0665ab10b921cd29ccd9b49dba4dff3c9188447d3cd8369a68feb9630e772ec81d4ae5faf7ed9ac088b515e75148a03c1370c94fe009e78c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\FfuProvider.dll

Filesize
15KB

MD5
0213fefc36b4ffbd169aac04dc2892d5

SHA1
936609d17c5c7e93b9267b2f2d8f80de8d1cdb81

SHA256
be272af1d81e708f6c7e21b3af64e9699d440ce9b4a5392913cbc436b32512d4

SHA512
7931f78b0a47009fb6c01e9a12f762ec72ce25cbce36231ec062a763455eeac1ac72f9d47334b5ad4908459f6cdaaaf8c4427cfa709c778ccb811bd12b622340

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\FolderProvider.dll

Filesize
7KB

MD5
7f8f4ce27d5400b759ca13d19195c90f

SHA1
55a7a82559f84bbe7add113e576e27a3917337c7

SHA256
378625784316c460687f7ace1b5475414a63322b949d6d93caa0982a2286b42f

SHA512
cc7d8a176030d93e5a2324ce885b2f18481781a0cadcb4c3549709e4d5699584db08809fb69b75f5844f27b9c73b61332944d048f27c313fe26187fd6ebe5cf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\GenericProvider.dll

Filesize
19KB

MD5
19f62ec4d37f19775a225a9cc826b4f1

SHA1
931f617144f0b4a056b0d4b0c406372f83a9d178

SHA256
6c0d9c02a80aeaaa264a8e609f0d1a3d30d148aada8d47ee07c9dd8e81f9007d

SHA512
b2e99aa174b5724068933a689594b84e89e7a5e4199b07ccd3e8a6a1c02e787dfba9082e9b96ee6f2c08ee407fe1f62a378bd15e20a278960e983edf0827db8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\IBSProvider.dll

Filesize
2KB

MD5
92646a5c09c65cc18e8ba8704e11e255

SHA1
3a35c81e7dc6734adead89a770137fd905f506cf

SHA256
cf9fe336241f4504d65b10ed0959682b9982ad6712dc9efb5efadecf36bbb0fb

SHA512
7a7b6d976005c481a69f1ff8c00c9afe25ee23429c7cfcfd5d3754a9e9f007874c550f3f7ce94cd31cea941e7cfee654541fb0d694a062a8eef9da2c0798bcde

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\ImagingProvider.dll

Filesize
5KB

MD5
95cb0df4bbfa30536b7cb440a492e2ea

SHA1
b6441a53605aca4fac2ad3da1f773bb0ff0f65b5

SHA256
9dece6b978037d7f82b4c314ccef64cbf6ffd2183f23e7ac6d9120136d5f13a7

SHA512
68871f51d42264fc8127328234e2a025cefa94bc9f805228c9a1af99773c0083c89d161946e5955894c9932b4bcd7530db3f7ba42da7dc137e9ee92fc7ce561a

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\IntlProvider.dll

Filesize
19KB

MD5
075358dfc27b13e7c7d0a5a181cba659

SHA1
0c6a57e7fb08fe967cd08754945ae2c7fc77dc43

SHA256
99d308af34a8ec7756650386711f544f22504c3ca9334c502a1b78ab43f6d720

SHA512
5a9f39bc48477ba15401ad2120e699ea12c1128e5608ce893e6331e5034571f7258f1e4936e9175cf7afd50dc821dcb39f45c6bd4decd903f42891dec55ca0b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\LogProvider.dll

Filesize
36KB

MD5
ad16f6b094934f382bfbd8978aa25d3e

SHA1
bf9fc949a0493ea15fd3141ea8213c6643d679e7

SHA256
8b9175725f7b280d4fcb85d3bcbbf94a6634f28954727c36aaa91c34a18e30d4

SHA512
863ebdf5daafe1d24737b7ca9e36d831e82ee330976b615142f5672bf03682892d392c5ea9fb781da712fc49777e0fe9b50fe437ae912a849bf77ec990539d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\LogProvider.dll

Filesize
77KB

MD5
815a4e7a7342224a239232f2c788d7c0

SHA1
430b7526d864cfbd727b75738197230d148de21a

SHA256
a9c8787c79a952779eca82e7389cf5bbde7556e4491b8bfcfd6617740ac7d8a2

SHA512
0c19d1e388ed0855a660135dec7a5e6b72ecbb7eb67ff94000f2399bd07df431be538055a61cfb2937319a0ce060898bb9b6996765117b5acda8fc0bad47a349

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\MsiProvider.dll

Filesize
1KB

MD5
cc8fcf7f35a5de531e2fcebb97aa4752

SHA1
8b7b3b22c88a0141efc2ff96e4e9cdbf3678547c

SHA256
b09065bd55cc6bb54d485c4532455f60242c5861372b4dba715ccda0b295844d

SHA512
fca494ea196b6fee0d63a1ebb952da4f93510608973127d079750717f7644c356ca5feb9f77cc3e248f2001fe5a5d8000e0fad869174eb68faacd8d1b263c7dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\OSProvider.dll

Filesize
61KB

MD5
e47908276f8a10c0d35360722db2a3e5

SHA1
f94f51669656bba302d39a42b3f2d7d93eaadfd3

SHA256
6926c5ad568e869c087bcf52a519e7aa5d152b65cdfdbc5a08f69135f061f124

SHA512
e9291686b1917ebaa972abb3ab2e4810dad9f483cae448a084ec83a423801d3c1d21f9cd6963e7cd66f04846c9dc792097c9a920b84ec99bf67088766b6875b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\OSProvider.dll

Filesize
145KB

MD5
cc3a7fadeb95e6d38cef015a22c6d302

SHA1
67a781d6ed8c20f0cd0fb1bfe03fe4be2b7c2901

SHA256
81afe7f31b39eb2e2b7b5fb9a3c9e2d5121a76545c1f2d989aecf6f43884aad2

SHA512
07fa4c96439bbf8e88db728ee14c3ceebeabf6b8cfd48c133ad3ff7ba522c72bf807b3e9de973be6cbb43c141c2268fa4048551f530ce733e5f16293b1e1771a

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\OfflineSetupProvider.dll

Filesize
46KB

MD5
8475001d5e7807e8cc03feed6e621ada

SHA1
314c39f744a625fc0c8f95b60187d55e6a0010aa

SHA256
9ec3bd58a2f9fd278814dc89bc9285cd9a678662ed3d171f05fd3f82b25dc858

SHA512
8dd0bde7559ed938902847d1c0be0d012e5b5133cdead2622c65139adeaa58da40b7dbcdc5267aca393967137f1dcaec1a3a111b21b428e03e2fd0ca3366165c

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\ProvProvider.dll

Filesize
1KB

MD5
b04caaeae45bbe415a38bea3d46a4420

SHA1
11be10c19203064a5f0e8631047d3035ac6c5f9f

SHA256
637a5214f6d990f4afc871c65c2634408856d435df4f6023546f01b591a8c8d5

SHA512
135b0d3a296071c5f27070ae3f8de3be45cf6d1746036bea82049b6dc598013ac7d4f830074b81987adcdd08656cedb172ae93031b26f3243b1ffeee4ea8d50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\SetupPlatformProvider.dll

Filesize
1KB

MD5
bae297f65b0d62da2d5720a9eaaab15f

SHA1
a6b87aac8ea0fc47dfae7bc892877971fb77d656

SHA256
1e4512bd46906dcedec521dfcbd95870505d5068f952cad3fdee4b06519a4a69

SHA512
cffdec35e28b5813f8bfad607e29b1fd49affb1e22dc14a8b69a6d0e665b671098b09dbef25a94af2dea3ae3a4e32d0c02a2987de02a99d1c19b94871a2824cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\SmiProvider.dll

Filesize
37KB

MD5
f3f584229f2916ef0d9e2436c57ca8d7

SHA1
09fdc6c79a46f5bf267f7709172d260142b5dd9d

SHA256
5d254a6d551a6aa8ce6c89ace7d7031a7e4ff80bd66810fb69812d711909e2de

SHA512
3bebc0361d857adc9f7c80f1119aedded95bd23de92ca3155d909ccf464736637ad93c592b892d70e9a38d8a2a05d95f8fb956509c38c369005b7f931a3e55dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\SysprepProvider.dll

Filesize
48KB

MD5
9217db76775f4fbec2521d39ed174a70

SHA1
9b2f6d8e448eeb291b5d44564d160e71e63168ec

SHA256
303bc169d37ad1022e3a0bc20287033de2b8444a6fae2d9586db09b6f920cdee

SHA512
02d55eaf90716994add0fce8d1b15f9e50e3e40d0f74542fbb4d44abc792379278befa661c30f931e83c4861dd32b0de512cbd3049138a0651b32fdec8fdf51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\TransmogProvider.dll

Filesize
120KB

MD5
d8fc194f73bb67e4f14ccb23134d4d75

SHA1
11a7d4be4c33ba0e751803a88a0af6f3814f3f84

SHA256
ab7565ceee8bfc237faf95c196f12404a7cb0f611940142a9c4356cc210e23e4

SHA512
ee6a8cf2bfe659c4cace96dc21b9f108f1c7022e51c44dffaa4131378d28d30ce49a526409af292f37ed14d020c30bf486c49830aaad0d56af5832b840140891

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\UnattendProvider.dll

Filesize
44KB

MD5
5624848cd37c14d261b0451b85d2305c

SHA1
304dd9130453944506a4f057bf196d72a7a441d5

SHA256
f97a50973c15ac31a0df0bb12c94514b90feb5bc3621e56cc2f1aee856ef34ef

SHA512
7c6b7b0efdb7df0fcb85df999f70568919a4b0b8a969e1853a2671ba07d3ba99a93573ae3060d0bd0ead80d440d1acf3f071599a9a5acfb8ae77d5ee675fa9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\VhdProvider.dll

Filesize
23KB

MD5
87ac335784de924a9adaf8958a3fbcec

SHA1
c93d1f698821c7b2a50fe0c2daee64bc4ab5e4af

SHA256
6423de4766d121aeb4fdde4ff339774eebaa8c1bf90e65ed0bc27f4db211c1ab

SHA512
067aa39b3839d9160b32a68b33eb1c1f8ae7513dee6068b2c84f1a1f63680e279ce4a51aa59ae7ebc7f94b8e24dcac7bbe63e1caffe817cecbac920efd6877f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\WimProvider.dll

Filesize
5KB

MD5
59a9bedd97275d5e60c450d1f537ee5a

SHA1
5d9731d5acb20ba0ae4180ab87375e353080d2f4

SHA256
8aaca9c2a4898b31fe1825fdfc0247ed7aa73692225f2cc8ae41b9bb1ccf1226

SHA512
93ba48d69f63d2eb3c1bdcd9c3494f122f6e0705affda93cd46b3ae51d903e4969ea70487ae56c73df85389c5758ad75e9f08cdf5a24130827b60915faa2ab97

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\dismprov.dll

Filesize
73KB

MD5
d83798f0d66d62e2a345f86375eee484

SHA1
a6c9db4ba0a912d79b008e9340800d17211d238f

SHA256
4e74ea404856e784a7805358649d15d1307ee8af05c779a6ec80cf2c75609b43

SHA512
b071d8019a9c25e068dce9e1ee1f28a16799554dba0a69040b4829660ae9c2dcd0c4cbd172c85cbf206dd5f1b8fd97df24c7bd3fc17d60383890f5fe777a77fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\AppxProvider.dll.mui

Filesize
2KB

MD5
ecddf9f2c7c85d87a09c80fe63c4215b

SHA1
2a25414e20b2d536c3904c3c3c3f841ccad790f1

SHA256
1e93f5291b669bfba0a54f058dc1985748f4f8cbebea491bce6194d6efb3df70

SHA512
1914941c774f8d354b49594786bc91458ae158d2c7808ed2da7bf1360397c35cb05afd762873cdcd4bcf2f17006d4fc471bb4a129a3243c289de82453690dbff

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\AssocProvider.dll.mui

Filesize
8KB

MD5
8833761572f0964bdc1bea6e1667f458

SHA1
166260a12c3399a9aa298932862569756b4ecc45

SHA256
b18c6ce1558c9ef6942a3bce246a46557c2a7d12aec6c4a07e4fa84dd5c422f5

SHA512
2a907354ec9a1920b9d1d2aeb9ff7c7314854b36a27f7d88aca17825e74a87413dbe7d1c3fde6a2410b5934f8c80a76f8bb6b7f12e7cfc643ce6622ca516d9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\CbsProvider.dll.mui

Filesize
31KB

MD5
0d9fc8070c44d3fd7a5ea14be474a7ce

SHA1
89193b0185e7bc98d479dcffb531167691126e7a

SHA256
2b5995ea6d4c98b64c297acca4d586969ce7fa7f8d1184e64e3916fa53d6cfdc

SHA512
9768a26ddf750becafa79dcdcfc791afcd2c85f799be34ff2ba73d70dc56801311037603d3fb2069dddf23a43fb89cc60640591be2f968e582a26d5e04e26255

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\DismCore.dll.mui

Filesize
7KB

MD5
7a15f6e845f0679de593c5896fe171f9

SHA1
0c923dfaffb56b56cba0c28a4eacb66b1b91a1f4

SHA256
f91e3c35b472f95d7b1ae3dc83f9d6bfde33515aa29e8b310f55d9fe66466419

SHA512
5a0373f1fb076a0059cac8f30fe415e06ed880795f84283911bec75de0977baf52432b740b429496999cedf5cca45efd6ef010700e2d9a1887438056c8c573ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\DmiProvider.dll.mui

Filesize
17KB

MD5
b7252234aa43b7295bb62336adc1b85c

SHA1
b2c42a5af79530e7cf9bcf54fd76ae9d5f234d7f

SHA256
73709c25dc5300a435e53df97fc01a7dc184b56796cae48ee728d54d26076d6c

SHA512
88241009b342eb1205b10f7725a7cb1ec2c7135606459d038c4b8847efd9d5e0ad4749621f8df93746dd3ba8ab92d1b0f513ed10e2ba712a7991716f4c062358

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\FfuProvider.dll.mui

Filesize
9KB

MD5
dc826a9cb121e2142b670d0b10022e22

SHA1
b2fe459ede8ba99602ae6ea5fa24f0133cca2bc9

SHA256
ba6695148f96a5d45224324006ae29becfd2a6aa1de947e27371a4eb84e7451a

SHA512
038e9abff445848c882a71836574df0394e73690bc72642c2aa949c1ad820c5cbb4dedc4ee7b5b75fd5ac8a43813d416f23d28973de7a7f0e5c3f7112da6fe1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\FolderProvider.dll.mui

Filesize
2KB

MD5
22b4a3a1ec3b6d7aa3bc61d0812dc85f

SHA1
97ae3504a29eb555632d124022d8406fc5b6f662

SHA256
c81a992ecebd9260ff34e41383aaca1c64a9fa4706a4744ac814f0f5daa1e105

SHA512
9329b60a60c45b2486000ed0aff8d260fdac3d0a8789823eaa015eab1a6d577012f9d12502f81bad9902e41545c3c3e77f434bc1a753b4f8430d01db2cdbe26c

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\GenericProvider.dll.mui

Filesize
5KB

MD5
d6b02daf9583f640269b4d8b8496a5dd

SHA1
e3bc2acd8e6a73b6530bc201902ab714e34b3182

SHA256
9102fa05ed98d902bf6e95b74fdbb745399d4ce4536a29607b2156a0edfeddf0

SHA512
189e87fcc2902e2a8e59773783d80a7d4dd5d2991bd291b0976cbd304f78bd225b353703735b84de41b5f59c37402db634c4acc805d73176cde75ca662efff50

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\IBSProvider.dll.mui

Filesize
2KB

MD5
d4b67a347900e29392613b5d86fe4ac2

SHA1
fb84756d11bfd638c4b49268b96d0007b26ba2fb

SHA256
4ccfe7883bce7785b1387ad3872230159899a5337d30a2f81a937b74bcbc4ce5

SHA512
af0a2a3f813e1adfff972285c9655f50ce6916caaeff5cb82f6c7d76491ffc9b365a47f19750fc02d7122182bf65aae79ed167886c33f202d5a781ab83d75662

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\ImagingProvider.dll.mui

Filesize
1KB

MD5
731601069e210e45f427676335925e2d

SHA1
92855bdbc0ec0f6e65ca7c15b6c81e3ac4187bc8

SHA256
352e735cc9f59dc5e8c70ff311775748ba1df11d84780f334767ecc4463890d3

SHA512
c4a419743c31cc5c37b78c55b9cb7f5387f392d4de9ced3152daa3d19c5032609acde0905f46610585861c8bb9a7fe4209f77d3a48d03d14adc82f74dad0488e

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\IntlProvider.dll.mui

Filesize
1KB

MD5
73d8111d50f7ce23a56d30e9000b86a2

SHA1
0da09e0c43ccadc1375077fe7b2cae5cfb4ddc3d

SHA256
0d0c3c57f52cc45fdf1c0a5d5075d35613a5a73626ac08ad7a6c0d3acc97e510

SHA512
ae8ddbb80439ecfa64fbb843169e968b7dc8047214e920c21680db0398aef6471010ebffa6820cf10f8553007f9f36e5618260343490e3162647d63a92b92112

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\LogProvider.dll.mui

Filesize
6KB

MD5
8933c8d708e5acf5a458824b19fd97da

SHA1
de55756ddbeebc5ad9d3ce950acba5d2fb312331

SHA256
6e51af7cfda6be5419f89d6705c44587556a4abffd388020d7f19e007e122cd6

SHA512
ead5017d9d024a1d7c53634ae725438ea3a34eed8c9056ebbc4ebe5aab2055c0e67687ce7608724e4f66f55aa486a63024967b76a5638cde3dd88b3d3432ca1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\MsiProvider.dll.mui

Filesize
15KB

MD5
c5e60ee2d8534f57fddb81ffce297763

SHA1
78e6b0e03c8bf5802b3ef429b105d7ae3092a8f2

SHA256
1ec7b04a8c25812db99abec82c7b7bf915ae3f7594c5d071231cafab9c1fa145

SHA512
ce654295e8b16da7bd004453ae4a422fe8296a8c2343e56d819883b835c391a02537ecf4d155a281a9d38f2291ee0004506b7fd48a99c0f8881ff1e38ae8ebcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\OSProvider.dll.mui

Filesize
3KB

MD5
0633e0fccd477d9b22de4dd5a84abe53

SHA1
e04fb5c3acb35d128c1ea6ee6fb0e9b3fe90d5a9

SHA256
b6758aba17f6cd74923ca0976dd580222851ef6435cd16b3b2b04e85280ce706

SHA512
e95ed1d8069d6f200f0a2ea8dd7688404af9db9ce5e229afcb625a1f9eb46ac9e7a1c2c4c5ce156b190514415679e82e213732e8e890ed1a89af9026e4e73fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\OfflineSetupProvider.dll.mui

Filesize
2KB

MD5
015271d46ab128a854a4e9d214ab8a43

SHA1
2569deff96fb5ad6db924cee2e08a998ddc80b2a

SHA256
692744ce4bba1e82ad1a91ab97eec2bac7146bc995e8e8ed59bc2c7d366af7ec

SHA512
6ba678da0475a6b1872c2e2c151b395a4d97390bed4671d3f918aab5e69cbc9ceafe72c3100ba060ac6586fd37682499fdeef7d7b1ab10f5ec2411c1438ed438

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\ProvProvider.dll.mui

Filesize
4KB

MD5
b8a8c6c4cd89eeda1e299c212dc9c198

SHA1
f88c8a563b20864e0fc6f3d63fadda507aa2e96e

SHA256
50ad19e21b6425d12aa57cd4656748877db1f147189ec44abb19ba90be8505ea

SHA512
4a6f0dac5b3b18e4942ce5f51b566ce3ba465baa43457384ee785d1c0e7c33f9b9396a143aac0398a34e4e2f7d704ba06d3cc68761fd3cb6f53f4043a906e475

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\SetupPlatformProvider.dll.mui

Filesize
5KB

MD5
73e78fbbf6e6679fa643441c66628d37

SHA1
57b70e6226c0cf3f8bc9a939f8b1ec411dedeff5

SHA256
5d4dfc9bde18be1ec0b3834a65de6abab581e04c8c4f66ee14a62fb4b1b4cd06

SHA512
a045a6cdf9ca989b3ed9a50cda208affa17372f65b1d86e1bf4c10b5d5e3fee58c5d4b8ec0749a54e2e2156ed0e9776b59a8d3b78f062349873cb574ab3f77fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\SmiProvider.dll.mui

Filesize
2KB

MD5
f32e38247d0b21476bbfb49989478f7e

SHA1
b950fd72ea2a6a94ee049454df562aed79ca1e35

SHA256
a1a302e940f6d6718700737b787af7a2053ef68b5ea2ec61497e7ae2444c5835

SHA512
f483807d790a4bc3e68d6d1f986bd4a57b4a67c91fb3dbef88220a4b510f11d1190cdd98a857eb1937e921e668dff2bcb5e4a7df640b1f3639ce6d2239ff8106

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\SysprepProvider.dll.mui

Filesize
3KB

MD5
93d076056dd01dfc64d95d4c552a2dff

SHA1
a90fd06a62c6d63d87e00f5f7e9646b44d2c726a

SHA256
4389362a9dc662aa3c7a1d830498472bc586e00f0d269a8541975a34b03a1aa4

SHA512
b089574d4be0ccae205219c9e256de34c039081a547f05acfe4165d036b175de5d9676160effc3c19d87bbb41d0f415da598e507ed8f7b302cdbfdfb81f694ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\TransmogProvider.dll.mui

Filesize
16KB

MD5
2138fda89b1a5a18b32aed1d8762cde5

SHA1
a476f7dc86e62c7dc0edf27bb778174348cac566

SHA256
a75288f9e83cccf2a6a644ff78e6c26dadd5772a2626f80120b81975664e7dab

SHA512
d7cbf569b5d57730c81fc121e92e1042a37e07922c02f36efac3769622f40234c70dafe9ed88a659d90c3855b5240f67f99b55ddecc46eea0e28e5b80ecc820b

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\UnattendProvider.dll.mui

Filesize
5KB

MD5
8acee3337dfd444254bb8abdd3c29ada

SHA1
25d98d3426f32fa199c026b6eb829b469609b2e3

SHA256
11f7957b8cc57dd7176f62b0612e658d6588b7caa8be4db3a337953b02b98c24

SHA512
2849978060fa6e1fcfa37c870ae59ef22a67c0f8653468e07803422497fcc7275409ed0c36fe2d8e88026c13c82705abed771b4492761eead24cb5c32bdf2ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\VhdProvider.dll.mui

Filesize
4KB

MD5
b43043d34d64997e2ebfb5f958d11d0d

SHA1
06c300250c0e13b41b0f9eb755864ca20e3125a4

SHA256
9ba76eaff383812cc389a946f3194fdb8ffaccb3cf6981124b6a4d7c628ec0a9

SHA512
346c189cec1010200d6dd3988c4668fe028c73db1f23beb38f3f62b7f005dcba9938d4c72e98a5fb21ddad7b39f4b794a1e487d9504a5c572226a7a1a58390c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\WimProvider.dll.mui

Filesize
24KB

MD5
f88783ba3415fc0c391a92c2ee510c74

SHA1
1911d7822e0a02a43f4dc13dc18a2f0f1c4f0877

SHA256
451ccd37d7525e4f0852ca794611b87b40d148887daa3a4d420ab022906819b9

SHA512
e987b826309abdb7f0da9cc6950ddfa17e77565f5d8f5e14491ce289d5e102c8a3e57b8ae5bdf3a6ea54bd7575c4a9949e3763cf766ff94f936ebd73ae596bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\C81DE1DB-6872-44FB-B7A1-60EB67C64C68\en-US\dismprov.dll.mui

Filesize
2KB

MD5
7d06108999cc83eb3a23eadcebb547a5

SHA1
200866d87a490d17f6f8b17b26225afeb6d39446

SHA256
cf8cc85cdd12cf4a02df5274f8d0cdc625c6409fe80866b3052b7d5a862ac311

SHA512
9f024aa89392fbbbabe62a58857e5ad5250e05f23d7f78fc9a09f535463446796dd6e37aab5e38dfc0bf5b15533844f63b3bddcb5cb9335901e099f65f9d8002

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
62KB

MD5
b7c724f515f951fcf63744762c37a0c6

SHA1
5b17f44017870f641d429de6407f93754a1fd4cf

SHA256
baa15784376a16606d8a3d614c7dade5245a4facf5a6dd7a455c0597393c2786

SHA512
b88199d4873795dd4def53d35d9c15d97ab05b9d4b18ff1ac2f2a94e1671c0df836e022a2f62adc74a8bdeca88561325b9fea716223dff1efe2e6988aed59a4f

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
32KB

MD5
68353bfd664a8c42ebbcc2f10b24de1a

SHA1
e6f0fe9bc822ba362811264ff8cf34c5208930a6

SHA256
f969287188c4b7cc91b7656087053f01c5657a3154ea17c2d41d09a5f5360e35

SHA512
7869d245a8913d46f3402cbd8e24d8c2676c03dcc59928027a0f0f1432bf1873d22cad836da45f11180032e97c5d5cb5e34fe93af86802edc831886d9c421c34

Download Submit