Malware Analysis Report

2025-08-06 00:04

Sample ID 240223-l2ql5afa85
Target AULA F75 Setup v2.0 20230923(1).exe
SHA256 53c05f8669aa0bb2fd950650ea845e9410205f5d543fe192c6c3563fc46cc1ce
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

53c05f8669aa0bb2fd950650ea845e9410205f5d543fe192c6c3563fc46cc1ce

Threat Level: Shows suspicious behavior

The file AULA F75 Setup v2.0 20230923(1).exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 10:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 10:01

Reported

2024-02-23 10:03

Platform

win11-20240221-en

Max time kernel

41s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AULA F75 Setup v2.0 20230923(1).exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-M76P4.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-SV0JP.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-TAI9Q.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\other\is-31L9P.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-1C3LT.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-DO3BL.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-3F1HD.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-TCIK5.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-PTMMU.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\other\is-O46E5.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-S6D6A.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-O8A1B.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\wired\Cartoon\is-Q8EI5.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-L13O2.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-JKNJN.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\1\Cartoon\is-JV74C.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\wired\is-ECOT3.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-E2BNJ.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-5O4BB.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-RKN6R.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-SF2TO.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-2B611.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-MFOAM.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-J1V48.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-HQTPR.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\is-PH4LJ.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-AAF0C.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-UVEVM.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-FJTK8.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-JNPUP.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\other\is-HQPEI.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-V4RB0.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-BS33N.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-P8Q9E.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-Q767F.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\other\is-T3O40.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\1\is-5H2RR.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\is-CN4ES.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-CJ87R.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-02OHT.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-Q93BB.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\1\is-U3GR3.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\wired\is-2E867.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-C887P.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-6BK4O.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-5DS3R.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-PNBGV.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\other\is-3HL73.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\other\is-UDCAE.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\wired\ET\is-2M8KI.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-HMFUT.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-FAGOT.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-2IDUT.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-75Q6K.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\wired\ET\is-AMTBF.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\fun55x55\is-3TCMJ.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-V68HF.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\navi50x50\is-PETCP.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\other\is-64LTI.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\Dev\kb\1\ET\is-JVIGL.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-SJNTV.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\is-T25QG.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-C4F79.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A
File created C:\Program Files (x86)\AULA\F75\skins\icon18x18\is-6U9DI.tmp C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp N/A

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\AULA\F75\OemDrv.exe N/A
N/A N/A C:\Program Files (x86)\AULA\F75\OemDrv.exe N/A
N/A N/A C:\Program Files (x86)\AULA\F75\OemDrv.exe N/A
N/A N/A C:\Program Files (x86)\AULA\F75\OemDrv.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AULA F75 Setup v2.0 20230923(1).exe

"C:\Users\Admin\AppData\Local\Temp\AULA F75 Setup v2.0 20230923(1).exe"

C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp

"C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp" /SL5="$700DA,2712295,281088,C:\Users\Admin\AppData\Local\Temp\AULA F75 Setup v2.0 20230923(1).exe"

C:\Program Files (x86)\AULA\F75\OemDrv.exe

"C:\Program Files (x86)\AULA\F75\OemDrv.exe"

C:\Program Files (x86)\AULA\F75\OemDrv.exe

"C:\Program Files (x86)\AULA\F75\OemDrv.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.178.17.96.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/2216-0-0x0000000000400000-0x0000000000451000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-AQOB8.tmp\AULA F75 Setup v2.0 20230923(1).tmp

MD5 45115519d1f8b09519fef32a2612b9fc
SHA1 8b03ea9d6df3af1c6b492319217afbc3c0da8ac2
SHA256 02eec62b7139a7cfc747d5f897ccedcf76ea154ec63ede231436a0f89e317387
SHA512 e0d4893286d075717926ac1d6f9af388f14daee09eb4222660f37619487e732d2669ef23a6ce3b341571d99ec2b89e804c1ffa1f94740095547619d7a204fbd9

memory/492-6-0x0000000002410000-0x0000000002411000-memory.dmp

memory/2216-12-0x0000000000400000-0x0000000000451000-memory.dmp

memory/492-13-0x0000000000400000-0x0000000000558000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-5DM2V.tmp\InitSetup.dll

MD5 3bb4a9fd05f14cc833291f7332565843
SHA1 def4f41072c57ae0c66dce6b325e6d4f8c32504e
SHA256 72f5cfe575253eaff31e27ce8f70b4caaa079d2c42a4130515eecf7f0967115d
SHA512 0aa11d6d10c8a8635db9e514e4b6781e7105c9b1ce568f1bd012eed39d46d36340004507233cdd692049bb9ebd8299a067cc5462bdf9eaa43d9ec6d38144f0fa

C:\Program Files (x86)\AULA\F75\OemDrv.exe

MD5 3ca4211c7fe9d9df3ca4fa05e41ed44b
SHA1 fe93a7aceea51c8540fc52256e06722ba85b7108
SHA256 54dc704f9d417a2c5df43b917446228c64ed942d00b2db3cbfa5b90ecac91237
SHA512 7f19dedefd3438f3f33d194e65b18f6d083072f955081e672fb85272d4f6093803c49ca7274289cfc21e77d676a0c968fd72124da129edc6b31b64e90c7f4db0

memory/492-345-0x0000000000400000-0x0000000000558000-memory.dmp

C:\Program Files (x86)\AULA\F75\skins\mak.skn

MD5 56f1670f2a95e8d4e443d9e567e38d13
SHA1 d54747e77f95e2460c8c6e6403a548425bcfdc7d
SHA256 147c687edec5a9a97d566353a77007308238bf8767e7f855e5c3cd46ac02b696
SHA512 4e45de2fa7a5a795c2a2147cac00d932baf824f1d9fdfd02f47d63829d5c4b498ff06de833da920671639463d4da1c6cb419e1e8a2090648a4084a904c1c5305

C:\Program Files (x86)\AULA\F75\text\en\text.xml

MD5 cdc84c16b392042e4c02154ce7522999
SHA1 795972cbd5d8d8d5e9cc691b906eeb287e0e8c8b
SHA256 82fc5bf5f51765ba375efe654fa5493bccab80894a575e0d4556348fa4a56618
SHA512 582bef1d4aad615f62e9d6707815a16ee1d7fef7379abea03b3c760011bcea867045560c4721468ae6e00fc30f4f6126af9b24e73a86e8cfa09b09c694b85afb

C:\Users\Admin\AppData\Local\BYCOMBO4\lang.ini

MD5 3466966af42fca8c865339ffdf7bcdc1
SHA1 634110e8670fb8a79cba5ca7525d9e4d6948e332
SHA256 2c5451afc3ee4f44c5dbf63d07377485ecfa52a024ac869f0ee113c9c1cf59f0
SHA512 80e609b099f0390cbed23ad968ac36c5ea7f66ab05c7b188221c6d57ee1a9e9bcb2584795288342ea7b34035a85dfc1aac7ff478049b4cc819eaec06de26f843

C:\Program Files (x86)\AULA\F75\skins\main_nr.png

MD5 baefc7b8fa9d1a200b337af9779d8de1
SHA1 fd10a7e607cf66bc97205fc998b27a8aa955281f
SHA256 d11793fbef0ed675c70109f16fdefca39be54cb323c90ecc956b5d579ac7c8e2
SHA512 28a2f28c9f37a630345e71535ef809616da7131f30d38105470c643ffc7b36932696d2f1d16577e7baa66cfb810a7d7b7e8b545abea833864209b62b6573f158

C:\Program Files (x86)\AULA\F75\skins\icon18x18\min_ov.png

MD5 73415a23e52bbde0ffcd39c8405a8a5e
SHA1 2cff17beadf53f59ded21dcbf3ecb597b54fda7b
SHA256 4e5580ff509d58f35d5d0b84c0b6f6fcaac7d6ef12c55feaea3ebc8ea6f08a9e
SHA512 9b5fb9258bc5f037e5697245fa2a176898f3fe64a937f47286ed7dfc306629dae3d1bc49003b0bfaa40fe46028fbebc75be9d05bd9bc3073de1d7df80f8c3ba3

C:\Program Files (x86)\AULA\F75\skins\icon18x18\exit_ov.png

MD5 7343f5cd0fa6e34165e95d55e151bb01
SHA1 a1c8162a82cad37ef54173120674d53cfc8a5994
SHA256 3aac676de969011ae40f9ff7da88273aef99d0e4f76c0ac5f81e0013cc9c5eb9
SHA512 03cc7539493d71b976c46ecda4c0bd854321c4eaa7aa1996371daa2d83fdcd8081d991842e46dc4d40d972f57c2ffc9e591b0babbad3bf73e197593692827b1c

C:\Program Files (x86)\AULA\F75\skins\icon18x18\exit_nr.png

MD5 fa96ec85f53a059a3d82151a5cae13b0
SHA1 9490a3a3f8b1870f59ffb37628c1d9abc776055d
SHA256 0a6c490ac75f40c3d23351845521ff4d4614b347cea8d5b591cb99b33c9840aa
SHA512 281ef97835d18288079aa357430954f7f60a60176bd9e3ed94fa93d09d4dbbc439d798d81ed7dbf1dc5ae519bc8f4719d8d3a8b5c2548f163e846ace495bdd91

C:\Program Files (x86)\AULA\F75\skins\icon18x18\min_nr.png

MD5 56579d116c3d8d5ca53eb4297b8bfd78
SHA1 50516851dc3a5bcd81019b510b15dd40868570b6
SHA256 fc07072782f24efd01f584b05a9f11cba840119d1ff40aadf58befbad2d8adc1
SHA512 6b5d9420b6c38caac6f663a2ab1908a8787d447a9d927e049d7d495a1b7cc56624b7e9958df89528aaa797fbef22da17165ed534c59f5590d43795fcb11182ff

C:\Program Files (x86)\AULA\F75\skins\user.png

MD5 82823c4540d0d431d032c63ae2b266b0
SHA1 cef3ebf1438a25d8a0d6fcde1647c3c321244315
SHA256 b59eb21419b7f1cefea9361d649f0a692e6c122213b228022baa62d56465e84e
SHA512 9fc5430c8a1563b0b7c80176324f40bf926c781ae112fb406f06a79cd9f47db8c0c36eeab1e6c3b0c9b2ff7d042b1f7a8a87a40e1ffd9cde8c8c82eaa68ab991

C:\Program Files (x86)\AULA\F75\appico.ico

MD5 73edc1797b66133d3a4b304fc18a2515
SHA1 a8421533fffa806276ed45ece85bb46106f2f8ba
SHA256 b43a53dc95f2564fa6512f99674794fc3b1cd07954d6e0552b08dc505f49218f
SHA512 d6b07cf5968541b091e4f8e9bab0fd2a817955c6f7fe84149fd9673f44e867910f81d2854ccf2dc63b393bbf42218fe2f75dba50d2cd9e3522c7a2bb121b06f6

C:\Program Files (x86)\AULA\F75\Dev\kb\wired\KB.ini

MD5 caf39d91062a539e8f2ebe3f1fe7d698
SHA1 4c4444f4da8b88bfdf39fbd7eb61b27e961d4c5c
SHA256 22b1beb8a2635eef87d4925caf115ca484e2afc2a83df338d79ee58b2e7853f4
SHA512 e3bd5d9572b8b8cc1a3c954859450d08a6ca6a678b14b0fd0c53ac0881816a0c038862c70bacdc749d048508caccc754841fc468acf190e729f848414de5ea6a

C:\Program Files (x86)\AULA\F75\Dev\kb\1\KB.ini

MD5 7dfd7eb19a189e6d24b3bc74feafd17e
SHA1 926888da073d1d9eb046f7d145b5b41886a2d0f9
SHA256 794751026176e96a0432bb8135cf35ee1fcbe95d856517f760f9dd79e7f4f0c2
SHA512 4cda3ab92c70ef8eff544ae02fba1a7ba7ad764f2a369e86736995d385fe2e7d36bfbe9ed1be6d2d145b993a9530ea45b2ea74fbef49851e11fc6aa80f28d827

C:\Program Files (x86)\AULA\F75\Cfg.ini

MD5 c0b83d3e946679aa424e8f7399998854
SHA1 4866a7a92efc1b5cceb51d52880878e637e52135
SHA256 c7bdcc2b4ed7670c8473c12520f0c20fe4ee59135f931e75bd9d71092ee4c794
SHA512 ed88c4b30a39f4150cd4c9aab1090919f554e56600c8398b71fa299743d524b9947be2b82a6a83a8a7da1b8850bb616309fece2c7a3402a98dde5905f7f93083

memory/2216-346-0x0000000000400000-0x0000000000451000-memory.dmp

C:\Program Files (x86)\AULA\F75\skins\other\icon_kb_nr.png

MD5 ba72e8699bccd0d8b9e3a668c6ded2a0
SHA1 4af693d261c87ea05fa69095b71186a1a734bfa0
SHA256 1895de1d82178c3fca5de6413b67ff31c1ff960293943d039d4308fb01c27981
SHA512 79ee123000d39716db4060d188912a62964f7efcfe41fff6efde89f8c26ddfb426e837125fcf3c02ace9001ad90a99516174b717bec91ee30e9dca600bf5086c

C:\Program Files (x86)\AULA\F75\skins\other\icon_ms_nr.png

MD5 5be537ccc92dc7a8385ee252ce63fb5d
SHA1 58848a30c4b8010b7f3759b70bfbe5d9223aab62
SHA256 8d88850136dc982ad4de34055a437980b8a8dc85805126de8a1b7a80d4e78554
SHA512 c998f7060bc152691ad175cc1b90dd9766fef6b930f0b621d3459bdf15aa5bb4c49596b7e35bc1adbff38c6e8d064a6a7d2fdae491905a3477410d270aed692b

C:\Program Files (x86)\AULA\F75\skins\icon18x18\bracket_right.png

MD5 082857f12ef1cd77545df5bfd7949857
SHA1 734869f277a14043252a43c720d115fd090339a4
SHA256 d0e21db4947092913a6184aba4c2f1b2e762ef0718b23f5d91497fd38d1332bb
SHA512 349bd55ccdf6655ec9dfbf85c2217743e8d62d0df480ab9f34130ac0af6a95ad3a273d0dca7ebfd29c4b28423959edfa19ac5e1f63fae75c88111ff0f3dda0f5

C:\Program Files (x86)\AULA\F75\skins\icon18x18\bracket_left.png

MD5 c6172143233dd77b58d83d216d343bca
SHA1 649415e30e472f2716a60b6f1a8f94ff2f4c4cbf
SHA256 5e3b18226e17fc720e8db66a34433a66b3d362a0bde7cb92d6ec00625445db35
SHA512 81292fa3eca07db6addd7f5e65d6e5a539abbc726f9576f159f2408b556621fedf741f7fbb0097e952662b50e1e0459000c49ad31e63ec67078a06b27a49a875

C:\Program Files (x86)\AULA\F75\skins\other\icon_ms_dn.png

MD5 0ff97053a1c78bdcd184a374e40ecf19
SHA1 54091260e5819c283f3c5ba44f16eb497250a1d9
SHA256 4640cbd5cf8897d1e78616c7a1ef587e65bc22f68f30c138d1d7e5900ea9e51d
SHA512 7c876881229f17bf04c5f57281027351240fcedc9b207fc9d0573c66a6ac8461d57c4f307b311e615158f4009f6ebb7d71f75611d39f96e7211abb25ce96d4a8

C:\Program Files (x86)\AULA\F75\skins\welcome.png

MD5 bd04d0b6aa0adf5a241432acef0cc43c
SHA1 6574e0d9943962f163ac96d3f8ec65383c46baa9
SHA256 d052e86b982c2a0a356317d11bbb643fd124e15fd4889af7ce44d37491b8fca0
SHA512 c7247321fcd08df8b002842cb2b1b1e527d33fe09971716350298a35627548c4fb49f3e15d2932d6b5e053699851c60b3e86fb5139b2e3a7d8280a718e2d6e02

C:\Program Files (x86)\AULA\F75\skins\icon18x18\share_nr.png

MD5 5ebff6833375d0f3457fd71e2c433fa8
SHA1 f33689ac4b65b950c18f5dcfe9b6203edf8f0891
SHA256 f596a82c21ab2dcb62da6ddd5fa7a17a2375cc0aabaa9c465aa2b6e06bb49f93
SHA512 af4541b17cb78857cb07f791c74e4f5f857039def96ef6e04a2647f292aa299c881e577ded18d64ce91d28670d5cd262f8995712cc3e154715c678461070c003

C:\Program Files (x86)\AULA\F75\skins\icon18x18\dir_open.png

MD5 b91be0296462123620bed844f6cb5ed7
SHA1 c49b3a6a70fd89d2d9bf3d98d40c4d84f4e229a3
SHA256 88d08ca4121d98a2a6264d3802a55bbb8e2a76812b8e4f8d23dc0ec4964f7555
SHA512 4fb7f4dd28a4ea171aec80b1a345864955b0796fef83248895a1a2e6a70d5a644cd966f0c5c46c1712d3791485f47ba190645a1d0bc4b26e39767d5afd5df189

C:\Program Files (x86)\AULA\F75\skins\icon18x18\edit_nr.png

MD5 87b2172f4c13632713f11bed2578977f
SHA1 838df4edbd6e602fd1bd35e76b6a815de9003256
SHA256 5c44d49fb33be475b47414f8845e29f9cc88c6c963e8e685b02f08fc1c7be003
SHA512 93be9bd9adf2aad628aa4cafb69d8c508f2624518f5d899cf411f507e9eccb2cd6dde5219a3854abe47e41dfded5b5580ded5916b9ae84a0925a1f9c74b02a83

C:\Program Files (x86)\AULA\F75\skins\icon18x18\export_ov.png

MD5 bcd173b9d04f269d12b66a5a3fa13ce2
SHA1 6dfa6eb26ae2d3f442fc434060237c88657439a4
SHA256 a6908ac6ca974ef0842cdd88595676a2163d7fd0070e9d643225f573ef10e290
SHA512 f2117a3c52ec8613a08bc9a8e0091c8970d1616f62cfbfb7080a1f31876987027a01e0fcfaeceeaa1c71d4fa3649e1a3d091d5d5797090a33aa7cac5d512c7a9

C:\Program Files (x86)\AULA\F75\skins\icon18x18\save_ov.png

MD5 46b44ea41346ede223fa6726fab725d2
SHA1 cd04bf0fd339217b191907f5b4df53eb83d05ade
SHA256 8b456b81101539ede010288efaedd170109485be92c5fa5b422156a1599b63e4
SHA512 3ce5380960571505748c36df16419acd32c7e850ab4fc1ecc319a1ae038fc4d07bf92842becd39b97270c16332a5b504e1c3f4341d40d34564750dd880b5988a

C:\Program Files (x86)\AULA\F75\skins\icon18x18\save_nr.png

MD5 58086091e98b63b122f1d27457dca125
SHA1 683bb1f1bdbc23f48f757012c7ccde5d97e1eb75
SHA256 107306efe5338845dcde65f47c0ab7b68d3c0e6b82fb77ef0cb0eba28d3f595c
SHA512 af746585d871a98c71414264c122bc82bfb61f5016eb47bc34e3746725c9acf7eb1ee6f462d1956ab62d253ffca08179f226277b327ae2dc9e4e5f1a1c5cd1b9

C:\Program Files (x86)\AULA\F75\skins\other\time.png

MD5 75b0072bb8a2248b8b6f6f95824d559e
SHA1 8f053bef4715a17151d01e5291e152e96b68953a
SHA256 5aa3df6debcb777e25969e410ca2ec5544f05febd13c8c2f0aad3362fe051964
SHA512 c99f770520b3b1958986f028a8c94e382ff1f5390992b22a835048443a3624771b31aee83a70273ead051ad66cb9b18282210d89828e12095384af25265a55ae

C:\Program Files (x86)\AULA\F75\skins\other\mac_keydn.png

MD5 457e1395560347fe8541e4ee551ff267
SHA1 35fbbb5d43f379111a0eb424e9ea34f8dd521c21
SHA256 7eb7cf847568052d93ea8a693618a9e2a1bfefb82fc5219e0a989af333308af0
SHA512 5ae06d98bc1bc63f6a5712d08d0dea1627ec408e18615494823ccd14a0ce2629365ce7cba42e5e4e602a9b9284c9c670c9bdf800de48b0b1ef7166a911aff192

C:\Program Files (x86)\AULA\F75\skins\other\mac_keyup.png

MD5 8273c1e9d74bc74b70e16f139d80b012
SHA1 ecd2b7e617579b32b38c610ac665465f9f8972b4
SHA256 bad3d998aeed2b8eb8d57e5b2e71249011d3058208ed2a9914ddebc3133d2254
SHA512 28e78c1ca1def055ffc22f252c29080713308d0bb1d4d9ecd40c83a648d25392d1f60eacda6b8c612818112979d7accf31fa6d8adde2ceff6f105351452a0913

C:\Program Files (x86)\AULA\F75\skins\other\msico.png

MD5 1d03df819b9d8efa5e50740b494efdef
SHA1 f3d85ae5d01aed363aa622b990ef9b2d9239432c
SHA256 b1beaf9333a398761fc1fbbefc643b5301177d5b31ad15232d647eea550383f7
SHA512 93a4a2c9ab09249033be4abbf496d56c0f0d800c48667b5cc8706a954a7ef130556211d94dc97a1f2f7423de6207ab89603cffcab8d474d8ef8e75090585d96a

C:\Program Files (x86)\AULA\F75\skins\other\kbico.png

MD5 2f6254565dc715068461eba44bb58f2d
SHA1 a73590ee9133cac8706c54947b04c7ddefcf516f
SHA256 4da8f28652b1ae2d3e10df0dbf6271782ce239db6bd4f61f280b1146e5b9a7a1
SHA512 4b4a6ba30fbec86fe4547e4b52e2812605adb8c76341364f75a14b38c1df4f116778f72eec12c803e973515bce3bc8f1dc9eee56593415304bf4a709a27f224d

C:\Program Files (x86)\AULA\F75\skins\icon18x18\export_nr.png

MD5 26e0b7c95b9c400c35532bdefe512e30
SHA1 8bd87fdc4dc924a2d2038738536bb14a3dd5db97
SHA256 87268064b8dc53a36b52a4f4747c094442e4746582df171b92fbe4bcd5abb26b
SHA512 99b3d0844759aff6037c37af8adbde02a40f189682e466857c5a43e7f84a3b31082c71fb8bc3515dc52b0cf740a4f298e21b76a04a1b0d9e34bc0403a184d181

C:\Program Files (x86)\AULA\F75\skins\icon18x18\import_ov.png

MD5 68b3e67e40c6438964db38a75b1874b2
SHA1 4702ef641b6a376bfa28960075fc9cd61add4524
SHA256 feb2017120ca9ba60d198c31ea5a98ffa099a2eb489773af3f1916b9fff3a386
SHA512 6119df46a7d715e82287a8e1a145a1b3a3331ebfdb0bd6f14e6051cbf3a8e3badff58e08681f2205e32eeb35ed414fa0a061fd9576d4901fe18104f7f78d5998

C:\Program Files (x86)\AULA\F75\skins\icon18x18\import_nr.png

MD5 6380a560a3f3be830456c0d92917276f
SHA1 a139e748452cfaae8e254a9ee2b630176405ee3c
SHA256 a2ddea92ffecce474d3cdab259f27f15d2ef6faf9c9a10743544e4a710515c79
SHA512 d5a754ac6dc8f4c3413be88633844fedc34bd8c24503830d05d7a71f44f6ea059c65067f33d826e16e31866b6b8f8646e2d8d2d0ea886d84e485b019bb909fe1

C:\Program Files (x86)\AULA\F75\skins\icon18x18\copy_ov.png

MD5 cf682a0111442fabf2170969c123caeb
SHA1 94a650ea174f7d83ca9712d35f39257bdf8049c5
SHA256 32ba93b200f1761b298fead53c4746a2c11d2115be9d9746763498ac57eeb7c8
SHA512 6c4fc5e55988eaeeba7dbc0cd8fb41fe84a39b61965d2515a13705e9b07c865b2cdc19ec5aca324c1ee693232fb42b24975a609337164426fdaf3cb8b5d7d1a9

C:\Program Files (x86)\AULA\F75\skins\icon18x18\copy_nr.png

MD5 cac89c7e3e89922383e745581828aeb8
SHA1 ef05a345f10e1d5ce57cf23f2436696b34535917
SHA256 62235019cc93768e6fe3824f36f1ff8cb52509dbfa95f533638a83a8ffa217f0
SHA512 19130bc78f873fa31bffbb45f7145847033922596a231e4bf32b1375ba6c36903265697eccc252e965188b17fe2a7d86846a27f67cbd76dd17158f47e307884d

C:\Program Files (x86)\AULA\F75\skins\icon18x18\rename_ov.png

MD5 a4a2a293b72425a26c6910985f2c0d70
SHA1 7d2cb4b833de30d747e055b4ed39373543789d83
SHA256 32980085c49826ec1b089abca7a2c85ba40b33fcf1bc75014dcba0c6111be388
SHA512 7b6bec18f316b3f10ab0a674d1216d04c17b62defac0c08ac0bdd3b34aaf6aad946daa0fe4336302409d90196a0f0175a902326d718ee41469b2652ecee3bf98

C:\Program Files (x86)\AULA\F75\skins\icon18x18\rename_nr.png

MD5 a6b963f7003fe0804941c2c311a9628b
SHA1 5cd0b7acb460d024a86cb8468e096489193b19d3
SHA256 3c46c296c283516bd5a9ed6c7057ca04b9384bfce5cc62ccc84c2d191a1b5333
SHA512 346e52210e41ca411f66cc8a65bfb7b7400cf148dc9a7cd8343869da0cc0f0f3cb531fcd5ce2c7b10d6157d21024b9494a758edfb95a8fbea26f73cefd788da9

C:\Program Files (x86)\AULA\F75\skins\icon18x18\del_ov.png

MD5 7c25d89c6597de7cba5800d1d5d477f1
SHA1 80846f6a892dc4aea179266e9abf0ddacb8aecc5
SHA256 282985f6b17440706e8098fb1d86a88132aaddd2ddbb63f78b7be56028a9a418
SHA512 36b69254b2d1db98b74b29e3b73681fb49de11a36a91f5da594c70cb82b31fbf045cec5a1bec46fc1d9eb5439d68d9a86c6960db28ea3953080d50620bec7903

C:\Program Files (x86)\AULA\F75\skins\icon18x18\del_nr.png

MD5 5bd99bc83f220dd210a7f083ba4568fc
SHA1 a606498e3f118d595e8e5840ccd3d051f3c627e2
SHA256 415e271d0dfa4511ee42e917ee1a08df56b2c8cfa4d954a06dd611ea35e4d6a9
SHA512 3cf926b4a9b8d59aaf4c8f1be6dc0d5220b1b8670969668a712987eb58549c53cea7d47a3be9c267235819d4cc408f7de28aa252a1e53ea5f2d024d4eed9b333

C:\Program Files (x86)\AULA\F75\skins\icon18x18\new_ov.png

MD5 3265a5b304b1cb15a940afde09f06291
SHA1 e0edd4c2e670453d1452ac2bc500520ff2e38c79
SHA256 97b1bf78bb214cb820b43f0e99c852c6bbf25793cee7e4cf1bb55408ace274a4
SHA512 940d0368cbddaac7ba1c8af98a6890e341566f82b19e0a33808eb9810d13e77015e2ccfef03d1e4fab79c3ab76858c2d1256bd0414425304fdded4ea3bfa796b

C:\Program Files (x86)\AULA\F75\skins\icon18x18\new_nr.png

MD5 74447c4f770d6c516e13e69983293fec
SHA1 834fce23412a54ae553b09b283f26f7066304b8b
SHA256 dc407e41619893c1965c95de61627222720ada6f32d619fd0d3c9d86768fa66a
SHA512 e1221f7f6f121ece2a5a825df76af8eec24a5b4518399aebe16f1acbc36897ca749f5c288fbc59e787a7fbfcf439fe1c2f24e2ea74700cdcb10cdd24eeceeacf

C:\Program Files (x86)\AULA\F75\skins\icon18x18\dir_close.png

MD5 eddc423e087621dcfe3b4b70264c1243
SHA1 883b7f099e8b2dfeff00fff6ebb6d8d2e033f564
SHA256 20dc6600daf41e597a4c68615113d26bae42cf54e7a9abc6173f61afcc918812
SHA512 5635fa0bd655d45c41a94037f1757b1f44a12c84bb72ed91c6bc77be778f30276415737a8f878ca37387f8c997a5b25246c2b50c75892ea82d458d65bdf29b41

C:\Program Files (x86)\AULA\F75\skins\other\macico.png

MD5 f8aa97177b9de4c4d73725adab67f2ca
SHA1 5f575d7e16f6ef1878980255c5ee3c450e60d791
SHA256 cbc4fecc558b53d40e28f63e040b27f6a12eed625d6aa8f47fddfd8ce448d655
SHA512 d7eddbfcdd72cdb519318c7e35994ef5cc4911a624ee51c022386033a7f6f5e1065d8d3fe54c1877cc0d1b0d2adcf59594dfb5154732a276a667346f814241a8

C:\Users\Admin\AppData\Local\BYCOMBO4\gSetting.dct

MD5 60054651e541292badc586b9c2541105
SHA1 4a97721039b9a620323fd470f7a7e075342e8990
SHA256 fb4110a7fd96324616cd137ef6eec8aba4731a0e41aedd35f3f0e7c6d37a564d
SHA512 de378e15c515bee2af867ad73b644cdfc354fd19ec6569d1adb1e48e093916529e428adc4bf598f081808a5d12bb2fc5e2bf989ca3f0ef950b8bbb78261a6ddf