Analysis

  • max time kernel
    73s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-03-2024 23:01

General

  • Target

    Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe

  • Size

    80KB

  • MD5

    cbcd34a252a7cf61250b0f7f1cba3382

  • SHA1

    152f224d66555dd49711754bf4e29a17f4706332

  • SHA256

    abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787

  • SHA512

    09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9

  • SSDEEP

    1536:wh6S2wzALFx8hkMsiUmxi6QPitAKQjY8c4B5h:dS212xlQvKCYx4B

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Windows\Email-Worm\Email-Worm.Win32.Maldal\Maldal.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows\Email-Worm\Email-Worm.Win32.Maldal\Maldal.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:2324
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\Flopy.vbs"
      2⤵
        PID:2976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
        PID:2980
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
          2⤵
            PID:668

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          65dfc1f80e82820cdbbfebc0e5a45957

          SHA1

          bfc67e836c7490ede100e9a9a13d9b71d7ca8553

          SHA256

          cd0f1d67b2d2c55adfcbf9f89d2345033e1dea5c84d8923dc38fcb37df099799

          SHA512

          5bd6b1803a56dafe2a34623bac38766d1e70cca45d0896100afe2a4f39f28ea743577da88410c2d5e8035daed7f354a3d6ae3511d83a744244d2f9fc0ad51fe9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f4f84baf782bab577452f69091b409e5

          SHA1

          ddda13d9b8a4d8ee5f528605305a9dc202e9bb7c

          SHA256

          4dcc49823e019199e06967315113e92665cd12a9ac0fa1e1a98e28dc52dd8aa4

          SHA512

          98c3155adb81dab088e515a512edeea8c72ed169a659e994f95cc3744c369a4ccfb8aa0c95e7490e3fdcfb4de606adbd625fee65a87e3a73b884782217ad03c5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cd1a005e1e7b33aab7586cb710079799

          SHA1

          06d524e895f74954d47e4dcd2997fc92e4a88aed

          SHA256

          2206c0fbca59e9bfe66e5d7c22160af962e4319434c088dde8edb97dd41cca4d

          SHA512

          67eceefc2b799afeb9d3270460948a7c14180d4f0b2278660d6fbe8ed08a16cb237b92dd18eebdd05fddf2b353e477e975d8605fce94a913505d44eda63e4c83

        • C:\Users\Admin\AppData\Local\Temp\Cab8C2B.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Tar8FCA.tmp

          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

        • C:\Users\Admin\AppData\Local\Temp\Windows\Email-Worm\Email-Worm.Win32.Maldal\Sharoon 1.exe

          Filesize

          80KB

          MD5

          cbcd34a252a7cf61250b0f7f1cba3382

          SHA1

          152f224d66555dd49711754bf4e29a17f4706332

          SHA256

          abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787

          SHA512

          09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9

        • C:\WINDOWS\FONTS\ARIAL.TTF

          Filesize

          754KB

          MD5

          2936a2056ef3395f1d77571d1b9faf33

          SHA1

          a696dd5683952c7ba32b2d0f1e8c69f5c68941a4

          SHA256

          001bb08e859d4db7814902119412a14713b0c45e89cbc429bb3f5e6af14815e0

          SHA512

          f8f371d70103d21713a394376d12754f432b6b89defffe58b595e5a3cba588e7b2e04afbe8f72daf37fd9b8e609f2e13181c04626c061d8da2314538ee2b9db5

        • C:\WINDOWS\FONTS\ARIALBD.TTF

          Filesize

          731KB

          MD5

          e60435cf3fa62b54f70f9f3f464ba1d5

          SHA1

          2163602a70635be794797abfba88f90fe83a180e

          SHA256

          b27f2fb5da01910f925955c81a50c944e2147346a4ac41dfefdc5895d40a091f

          SHA512

          d116b460d227c41573153c60302d3612848c41a57b24bb63862600f3b05aff9a1d3460c99a703377074282f4ff5dc7311a80d2d703cf24b63cd6a1a02e601b25

        • C:\WINDOWS\FONTS\ARIALBI.TTF

          Filesize

          548KB

          MD5

          f8dc56a400c85002cf039f3d8a2fc103

          SHA1

          63b31c66225e3496b4181138754cece94e062c19

          SHA256

          18bc55c21eef55f24c8acc06a419860adac92ec832760c7ae156f0cc90e52005

          SHA512

          556b9e8facabe74a8f94ae53bb151599bedda236b43becc8b920937376676671e0a4014639dff85523a820377caf1bcb9f169a3c9a1478fd83ab79ef68cf2aa2

        • C:\WINDOWS\FONTS\ARIALI.TTF

          Filesize

          542KB

          MD5

          4872f1c7e350ab3256545fc1b06391be

          SHA1

          b1c4d707e50ca341bebdad178de788c2c388294b

          SHA256

          f40e4fa3c247433f317f5103175ad4164032dfb09b72d1c5374d25fabb71e249

          SHA512

          1618ee53f577a090644eb1f04d777f620058539cf5aed490041627b2644e9526465f94b286b137e7952f8c556095d250a8bd1bd5e4eae4179fefadce2726a640

        • C:\WINDOWS\FONTS\BATANG.TTC

          Filesize

          640KB

          MD5

          487b2ac80a888f2209bde6edab1a8d21

          SHA1

          b4d36934bbb5bf4781b9e2d31e0ce12d53bf56d1

          SHA256

          f3d42b34557cfb01f81e6cebfa48374da6b21a8c523388de675c0728ef049168

          SHA512

          f5706cc074fdd2277b187e0d02e6b202e24f9d317355caa45b1eac9e5c875c640c74e275f580d72b12e9f52e89a7b740ebb1a647c3df73f2e646501cdcf4a4bf

        • C:\WINDOWS\FONTS\COUR.TTF

          Filesize

          692KB

          MD5

          5bc234e37ee12adc26918eb88e5e4ec4

          SHA1

          3879626ea785a18b0bc2ee41687edb650e5af131

          SHA256

          c5e7cee4b77caf5ed5f1ffd7510fdb66d32109c6861b4a481b93b9166df03534

          SHA512

          274aae90dcc3925dbf04f4fded8d70eedadd926d0958d33c08766c693d429d2579f14aa966ad9106c116c28b75faf5bb67cc4835080e1595b8596747836a04cf

        • C:\WINDOWS\FONTS\COURBD.TTF

          Filesize

          693KB

          MD5

          47eea0aee6a658d70341a2ccc25bb819

          SHA1

          c117c57eba7117631df2cf54cae4f8c0d16de42f

          SHA256

          89cff1ff9e59a661ba947500e9c242506e2dbf36c0417783dea8b762e13da704

          SHA512

          81a3d74dc247e403ecaf7db0b63218d9102c5c67ec5cd0e30e3e6ad0e824bac5032c0311c78356889d020d0362afaf4c247f2a48632630371943d8a57dd2cbab

        • C:\WINDOWS\FONTS\COURBI.TTF

          Filesize

          517KB

          MD5

          aa3aa1f24b74ab96be6835b500cc4e17

          SHA1

          c77b37bf62c2a4769fb6094c6138d84dafe53954

          SHA256

          5d51cebc9151f377f52b39cd34da80f9179236b1ba4f261ae4023c077114e27b

          SHA512

          400b38ad127fe5e305a4df65e2af8009b053c7f77d58123129ca0e1e8b9b417366bcc0ddd7fbbe013a829725d37e2b88884680dd84b74696b90181b1d40c3c5e

        • C:\WINDOWS\FONTS\COURI.TTF

          Filesize

          603KB

          MD5

          166cf3c23215a1444fbf866189c88d79

          SHA1

          4dfd98dc7df3e5f8c696332d640488239be44d01

          SHA256

          d9c60f6e55128b775b25f8e26b20b486c1a4de56f1d55348d5ab6200d9471b06

          SHA512

          8d45708f46ce77305b3b99edceabafd4b6c9d3168620d0c6bb565b1ecf13029d03c3d0e6e38d018a56ff40fd10f027534f9f13fffae40def132da86639f54723

        • C:\WINDOWS\FONTS\DAUNPENH.TTF

          Filesize

          186KB

          MD5

          5a68a4e0bd54f918326fdcf96028e3ff

          SHA1

          fec6358412af332f8ba8bcce6dc8937cb2cd3648

          SHA256

          5ea3a22e03026f0ad4a9b7b8fdaf434e0af4dede482a11ac693e374f576c7e96

          SHA512

          534b1365ec18fd70d726f32be63422bbac288abd82a2c04771eb5dba2629c55afe7ae4f6a29d8729be7679643144a3a5ae0459f09dbd6ea7af04d40d1d32090f

        • C:\WINDOWS\FONTS\DOKCHAMP.TTF

          Filesize

          146KB

          MD5

          119688cc24c7a1c78a469b0ed365edd7

          SHA1

          c5af524353bfe2b99ee259e6ca4ad9a48147b8b1

          SHA256

          b9682c73a954f5a8a1b2a0ff88b4ff54cb20143a0330c3b1ccc2f9aede2838c7

          SHA512

          3012173d81d4d7c8c6fe862533d713b73b816c3c7165c0a44cf94211d13f674fc5230f097a005638e87bd10175959c07b709b4291c0ab6f0ace6449debadc964

        • C:\WINDOWS\FONTS\ESTRE.TTF

          Filesize

          107KB

          MD5

          044bb9faf1f2b8000358d5a15419e296

          SHA1

          1ffea81507010998cbcd95cb8d3407b6c12f7422

          SHA256

          9d4af8c7bc0b84e0501db2b43303ee0b64c3fb2e7a59d84ee744bf6cf66ca6ad

          SHA512

          d80005d5b3b5b70f619894bfffafb67acad6c9fed183f97e9bcb6c4f7b148d9d5b9c20cdcc3a787874a38db600544f8b14386c296befb716462395959f2b46c8

        • C:\WINDOWS\FONTS\EUPHEMIA.TTF

          Filesize

          168KB

          MD5

          5c81010800152b142ea357ccbee8c40e

          SHA1

          59770f9c2790ba18348ccc99899318f2a263991b

          SHA256

          70dfea68456eba5968e5a6832398eac938b0b6c40aa6873af1dba69f5e7677f9

          SHA512

          92a9ea0c43f2a6a379d0f9220b84bfa2a9ce2258f384bcac73903d94ba017ff4a713cbe3610a59091b6c94148d69e24df5560f71ad07d768318e76d10599e77b

        • C:\WINDOWS\FONTS\GAUTAMI.TTF

          Filesize

          250KB

          MD5

          379c6a5ec3d085b1ad2f0d83fd40c580

          SHA1

          e1c07869d2b2ee55fef447b670c039e22c5119b5

          SHA256

          15c4267d811a3216c5df9110596125ea4a108244e3c39d20fe6d5a2b06c253dd

          SHA512

          f464c415edf1012145503875916d1580956d59e7a75ca962d6efd84acea30b4044dce946fc5a727d28a1fad3d1c91c59bbd1db676770e34a40bbaf298facbd79

        • C:\WINDOWS\FONTS\GAUTAMIB.TTF

          Filesize

          216KB

          MD5

          1cb82c6f93c51aa8dd7c7ea82cd641eb

          SHA1

          96bded4a52b798f6e9191be53accac46798f1ac0

          SHA256

          80eccb06c696972ccbb52467dc5abd5fe4de1eeb14f4797580eea14ff50326b9

          SHA512

          8e45b17b961bf8d60a547355b6b5a69d82f405b791345c10b1c8db08a226c8db622014d91256ad033ae34464f3923e34d4ae45094a730f999d6c9fe3a6a3c45d

        • C:\WINDOWS\FONTS\GULIM.TTC

          Filesize

          1.7MB

          MD5

          e85879f48de0bcd962758eec861ee4d5

          SHA1

          424f148682b205b3da11003dd1f4899385bee44a

          SHA256

          4edea9c024fe7d13a06341194378aaf3a7e3c35873aa4695f3b6bcf0d217f97b

          SHA512

          546b3bd23bc8eb195cbd3b657d5bf054be0386df0ccd91fa256dd89dc734a78417dbe8b2120bb3e7da49a3b7426aae4c9a0cc209280b6726f29e924449b985e1

        • C:\WINDOWS\FONTS\HIMALAYA.TTF

          Filesize

          595KB

          MD5

          8f368e0eff315719ee0fbbbdbf6c98bf

          SHA1

          eb8afadd28e9cf963e886b23a30b44ab4fd83acc

          SHA256

          5c9b5c16ea7f9de3730d716581cc065e153e8f335efb3213b7f8ebc218ee0f24

          SHA512

          cd2a426015bd3de979aaab57696d8795c9fd78a58cd4dd9a187974d964993d16566d09b3da871f732c4d845a003c05929e7a9679e48187ee489103043c6ba072

        • C:\WINDOWS\FONTS\IMPACT.TTF

          Filesize

          132KB

          MD5

          9f55a26d868843e465aeeb10dd59d64c

          SHA1

          36e27cd5efbad2bcf2d9898b5a9328db62af7395

          SHA256

          d9d7f0b973c131b0b7923a726f6f1de964b1073ec982106a027c3db53cf02633

          SHA512

          01cb2653aa622db182f1a085ac72212402e78d751d993b8c5a854b088bc83b007a8ae1cb551dc49e61dafef63ac968f2f68c3d9c869ea1ad3131b9f77b4de856

        • C:\WINDOWS\FONTS\ISKPOTA.TTF

          Filesize

          535KB

          MD5

          38acc11ee03d6c1df3df3cc99a04b734

          SHA1

          a8c5fd12ce31adcd5ccee52e03742dbfa0874dab

          SHA256

          ac5225f630841b8fce80ba31044274fd9cc893957fcecad51114e21795536bbb

          SHA512

          2ba1683bab71592a75809d9f0543b08b20601acb9a5dfea28c9b8f225debd2d5481b74f138f7151a39ef579c6a3d54e588205e35f0568914cf94b0905f449b0f

        • C:\WINDOWS\FONTS\ISKPOTAB.TTF

          Filesize

          360KB

          MD5

          9d1485c0d69bf9dbb6c5c8d1a1294299

          SHA1

          c74899946a7d519bcb9ff866e8589e725d1ab1f5

          SHA256

          f9d06e11566e98b7d489468e52c881794570adcf9e072032a31d98945bdac11b

          SHA512

          db3fd5b9cec95b718e3d532a99222068ff7ccdaf58dab70a666ea5f5cd4099cdd327b8e59773a710100c509121f44fb036fd043acdb56c73271a10b0aeb9d43e

        • C:\WINDOWS\FONTS\KALINGA.TTF

          Filesize

          207KB

          MD5

          f2e58d09825cb28a11ce0fe36c85e51e

          SHA1

          07c928e80aaec7e95942d3f8850ca5656e39cd0f

          SHA256

          c6e7edaa6fb6470640fb2ceb3cbe6dea91e85d45080c020098ab2a64f1e55ed0

          SHA512

          4e05e89f9bbe0a237253ccaca106a86cd2f0b88cf800e7bcf5dbc090c60739f194abc334e578171694ced0cf17666e546bc38dd690959749f9c2244ce0f4351d

        • C:\WINDOWS\FONTS\KALINGAB.TTF

          Filesize

          200KB

          MD5

          476425c533014169574c5aac5193a3e3

          SHA1

          11f31e3a40d4067290e92cf710bc47a8b55e7fcd

          SHA256

          a44e2363dc02b671ccc19f316287a7e60673a2daab92aee5fdec15516afc1440

          SHA512

          9f010bb6a3b409ffc0430b9f5945a74e1e207c5700c074c84f7c6741ab4d6f573330cd7ce93e3f6bf2488a96bee1f6b554f383f6702aadc407feaf2ebd2b9786

        • C:\WINDOWS\FONTS\KARTIKA.TTF

          Filesize

          128KB

          MD5

          91cfe9f3b498c81d9095976c00bc1664

          SHA1

          17d63622dd0505d2d7a22ab87ed7b667921e6e20

          SHA256

          99a0d865d149b7dbb1470d014e420963d9f8886f7bca2e14ec8868c9145f962e

          SHA512

          6eb5ae2ebfb41cf84a12931fe9dffda5820bde47db5f1b412d95e90b51c2d6f3485a745cec57cfbc4f24d74f0141eb1f0e9904e495d8b959d199ff6c1b6a8e09

        • C:\WINDOWS\FONTS\KARTIKAB.TTF

          Filesize

          123KB

          MD5

          bb1045132f8d0c83aa339e311194f072

          SHA1

          5625a456687f157763111375de1f0fee123c9ba5

          SHA256

          6decc4edd28a56e28fac1b308b56059bb2987c3cd9f84336c9562adad579f41b

          SHA512

          9388c49466638671a21dda8e1e992757ac99591e9fc145116cdad00a5924de6ab7da802fdd3922a6faf308ad81de25cf29b58bb5f3e66fdedbaa3fe1f5023a4a

        • C:\WINDOWS\FONTS\KHMERUI.TTF

          Filesize

          322KB

          MD5

          56f089d4a1aecfe1368a63828e078332

          SHA1

          594824418042aee39f077b0592606d2a2b9f53de

          SHA256

          c4489c72c3b7f47e2c6749aeab9aaa931bae2bd160a4db51c9e075ed1af9e63a

          SHA512

          1caf31c9822c5dd7339a8b79c11b177b7bf30d02a31fb19dece31273090a49ab0cc8e1fcf1aab4bc64512dc34be54bdfd07f0ad77fac97cf192d34e76c7abeeb

        • C:\WINDOWS\FONTS\KHMERUIB.TTF

          Filesize

          257KB

          MD5

          c5f4291dd642d702ffb779fb404a1a96

          SHA1

          76c74ade43b9baa763f75f623a4ab0641d90be76

          SHA256

          4947ccd8dfeca8ca7213802cf2e5e42ae92adf67ac6d9409c8c816ab0b2e4a7c

          SHA512

          337dccc681ae8f1f4abcc7591eda7922d3431982ee161734d0f8d45ff3c663b7fc0ade9745ed230a6711334a48bf51c46c8090a4c3fda034e144ec9adabe6f02

        • C:\WINDOWS\FONTS\LAOUI.TTF

          Filesize

          95KB

          MD5

          998c392b8982efab2b87eb46d7ebc485

          SHA1

          404aa98c5d0ccaf45633a4341fd686a0120fa1a2

          SHA256

          c4973d9c2a0eab7300dbb461654d645a6d8c7dc6f35eee59cee7411da3b368f0

          SHA512

          45d623511ad498c217a449405d1dfe20a6e4081e2431406ec8c76c5e8722ead669998b18d8679f3fd264ae8c9604e6ecabf7b83568685031c448c36c0b98ea7d

        • C:\WINDOWS\FONTS\LAOUIB.TTF

          Filesize

          86KB

          MD5

          9bdb49ce05598d1f68939ccba0cd39c7

          SHA1

          36f85c1b5146d2203f3930c9c80f24e4ba5ec01a

          SHA256

          27a89794c46f565d1c1e13c4ae746ec5087270ac104dcebe6286a4643e6daebf

          SHA512

          bc6404a3a17540d22963601686a7e6c774f03718e7fe010dbaad8c3e93c1e8c51c73ed82dc1b58f359902267b9319499039fe3ad9e1f3add49fb3ed11a0dfd06

        • C:\WINDOWS\FONTS\LATHA.TTF

          Filesize

          118KB

          MD5

          acc67c6f3ea43dee389ef123e02782a0

          SHA1

          3d66abecb0edfaf8bc70e74fe96ee6b59bb9ef23

          SHA256

          14e4e33df206ae15853d87b963246c6668d0dcca1ceb6d49ab0f007923fa4356

          SHA512

          50f2690c8d9a327cf848c976141df9acaf0de889607e3903b8c00e928015a621a7f8632049cdbd40c7accdfef95fd0f0191b9c49755f50defedc5f25aa41808b

        • C:\WINDOWS\FONTS\LATHAB.TTF

          Filesize

          117KB

          MD5

          25ac104db31463abf624c03e3219a231

          SHA1

          5089286138edd26021323aebfa135e7b42b35df2

          SHA256

          0438aa6a1a008888878e75b48692c2f9a1b33d821a715d78c84ea98db15e4fcf

          SHA512

          3128eca6cc6dfc146791c16c696e33bad25823849b3de68a384bb15073c6b7fe16f9b32d5014cc8061ced9d4314d473d1eab864f595e6144b4314d8a1a7d1cf3

        • C:\WINDOWS\FONTS\LUCON.TTF

          Filesize

          112KB

          MD5

          ed07815509f9c255b6e0f66c7910eb97

          SHA1

          0a9f330909c2419ea697352839bfbe480bd7b743

          SHA256

          f4df4d6d1a69d24e08da2ad2f45203b4c7147ddaa5187ccd73087903ca36d177

          SHA512

          5aa73c9f8d368d9dd14342ee9f3c66fbff439ffbe8ca5a252603b1069da84423ceb861eec1571fc5c31fd1d4bbfca30d3b7aecf01e832e5283b08fc95c22d078

        • C:\WINDOWS\FONTS\MALGUN.TTF

          Filesize

          1.3MB

          MD5

          de4d65519bf05faa4bfe4b02c95aa0e2

          SHA1

          296c34b9d27e6c0979237827e62833148e584a38

          SHA256

          cdb31bc19ab7e8d66b80391a22fcc5dd35809d145f62a89ae44e3b2ed8cbe28b

          SHA512

          0ad3e02fdfedba2bc9a6b09f08a36eab3505656a8b728d6761e78e2b782d7e46c47bd83d60e5ed513c858bda0d9c97bced602698d0e595e569a443e0a22d884b

        • C:\WINDOWS\FONTS\MALGUNBD.TTF

          Filesize

          950KB

          MD5

          df2778bb35a7b1acdc26052b7ea40c9a

          SHA1

          6ccbb8e5c3e83fb43e0fd299ab78c6b1e2a6863e

          SHA256

          c72aa1932ed750d5168d3da3b35ba5b42cdd7a8c9969fbf91bb07019cf1e681d

          SHA512

          f597650986d126ec5e30b73849a7881c8dab6e88a1418aa0105ea3c461ef17eb6df48fd0cf2c494ab0ab635215f193d95658d65187779e213d276684a750165f

        • C:\WINDOWS\FONTS\MANGAL.TTF

          Filesize

          201KB

          MD5

          c43b90a850a8309ed8001f1ffcc2d961

          SHA1

          70243f5554cfac2f6dd70f7547c93b552e848191

          SHA256

          98f6cbbf8c0fb839c0ca08338bc8d2dcc3b4a7d79f3921c71cfd28edb40f3e47

          SHA512

          90e2bbae5b6038b02274b9863ed36d18c28d41518be3b77a73e8a179d78e46bb725928820cefba9fcc78088e812dbe76d7f8782b4c6e052e1fb2d3184965d3a1

        • C:\WINDOWS\FONTS\MANGALB.TTF

          Filesize

          187KB

          MD5

          2634ce66d1c3d8634d2d0174c924d12c

          SHA1

          51e344a3f6e1696fae8539da7741a2018f0161c6

          SHA256

          7f74007d58af4db8d77c9c1023f53d03dd87fb68bbd3c4e9d2fb080fabd092b9

          SHA512

          ab752ec09294b7c7cc44e66d94995154549826bdf772bcffdee8936ca848cadc95b3123993ae767a906719730eebf99d85905c9202376fb7d3d752d66df6572b

        • C:\WINDOWS\FONTS\MEIRYO.TTC

          Filesize

          1.1MB

          MD5

          11ac70f92d3676d4983e680c7e6253cc

          SHA1

          94208577c1fc4d0dab31ff33a4e134f897703a80

          SHA256

          aedbf56f9290da1e6376f8fb61d931c404216ee7ae3570c1dbb4508c51da95aa

          SHA512

          a546e10fd95746059a50f52eab0e2b853505c89751c8886dabfc52a25a779ded017e428378a321c30aae7f7097f3c8fa8b3a40ad089d2a8859126591a4a85506

        • C:\WINDOWS\FONTS\MEIRYOB.TTC

          Filesize

          960KB

          MD5

          a7c6f165fa88028645128a316a1e9c75

          SHA1

          a9c1380db91c444ae777c68fb30bcccaa583abd4

          SHA256

          83af779c741ad5da25be8315d60d7dafd4873ba2c9ccc888d7f66fbb3d045ff1

          SHA512

          ae6859885351f016b29ddd5fcdd69668e4a059bea65d1e51b41551c60a80644b0616c0dd907065943aabfd980e45815d0aa542ccc9aa7b8fd12d1e5f779b4033

        • C:\WINDOWS\FONTS\MINGLIU.TTC

          Filesize

          8KB

          MD5

          c654c5bea9e18ea80915b391c24d5ec8

          SHA1

          f08b948198790a3c2ed228de9267b6a3b88afc2c

          SHA256

          6e9cb24aa7378f51ece81f5275c76e7ad6b9bcb3e19a2a85553869806ceea187

          SHA512

          ef4ceadfbe4ecc9691fe0a56fc671c6088e6e6463b8247321c71008793d3642239d63098498096497c9d827cd526cb6550dcb2b3971a030a1751d005900e1c24

        • C:\WINDOWS\FONTS\MINGLIUB.TTC

          Filesize

          2.8MB

          MD5

          e6a80f9af02e41e3ff4bb514f21f7223

          SHA1

          a5c935a572cff05f043e96295b05b04a2c67162f

          SHA256

          39ec2c1f4a4c1a9f82cfb57f389f5d7059a0269ba691f7033f3c4e24ab5ec418

          SHA512

          7b1854e09d8672355896e81be3f1e3918e69de239d6672502b3ec41d9e5d1238076f5fea7099167c204f1ce7722feffc1620c94aefae36d307470ec6f3d0a6b4

        • C:\WINDOWS\FONTS\MONBAITI.TTF

          Filesize

          348KB

          MD5

          f41bb054212dc3e73f4b1301868a536d

          SHA1

          d68a3b3b77c533201579447a2cc42bf49a17427d

          SHA256

          39548c3d602cae0edd460825e9332dd671564655a0c014137d21f9c9221b6488

          SHA512

          0bcc1a2072eb4aa22b1da6cd4c3a77a7af006138c93e4faca49eaaa07a648de587d3a3c88762f1d37ac1f3e6a139255ff73d72bac640572c515ca536c9c0eb48

        • C:\WINDOWS\FONTS\MSGOTHIC.TTC

          Filesize

          2.5MB

          MD5

          1e6cdb56ef5d8f9b464862d89c31cf2b

          SHA1

          45610726c18c69c8b2e914350e4b1d06bc089d16

          SHA256

          14362c61d183f43d07781f05812f49399ce83de6187af137874dc20af58eb83e

          SHA512

          648581a323968c6ec7751dfe318edd4fddbfd2324edde5cf7338f03c6c3cc4f48ea4476a1dfbc19deb1109342eee25d35949553672cb1db94c615130ddc74406

        • C:\WINDOWS\FONTS\MSJH.TTF

          Filesize

          2.9MB

          MD5

          3e21296adb341d73a8d9821131f5e74b

          SHA1

          1a7770fec95f39e67cc7c5502386a8348b91c70c

          SHA256

          3b192af614bf6cad7f05cc982eaf56ee70bfdb240e992a83ef6ace3764c10dae

          SHA512

          519633687ea15a08ab50512ab0b0b2c3118a9db12bbcab538fd88f4f9e234144041183f2e37a7e80e6cbe0656641cf7c0acf64680968b8475871bd4504e5deca

        • C:\WINDOWS\FONTS\MSJHBD.TTF

          Filesize

          2.7MB

          MD5

          b0167dda95d47f6f63d0e0e06a9cfb4b

          SHA1

          1eb521bc66e7a04e234ff15860ce1d449af3100d

          SHA256

          0171ea1c5a01b1bd7e685dc3645913472d4283ac7e4eb7cbc0dc133fc21970c5

          SHA512

          b6c7baf84ded8a93ccbc78a444150a718c0a8beba6ff97bf04a1f5c84c4bd22eb3f6682232061da0e4b8d71308d37a60127c977279a613043c99675529802c0c

        • C:\WINDOWS\FONTS\MSMINCHO.TTC

          Filesize

          2.1MB

          MD5

          6ba1898cbeb66931b97f60b9c9001d8b

          SHA1

          5f619a85c3659d029fa8a11a84e38a818634c6ac

          SHA256

          eb6eab055089ba429019ae31a5051a8740357e43ec85eb3b9112db53ae2b3c24

          SHA512

          333934417b87c6a1c3fd6b9b400f9dbe16fe369a6d106f05714e5439ae0a7360ab4251bfee5b325e53e65f719b95f8edc37c3812c1e95747b097484b80dc8971

        • C:\WINDOWS\FONTS\MSYH.TTF

          Filesize

          8KB

          MD5

          b056349d462876fd7ff52d9fb5829228

          SHA1

          157157702203f0a74ae1c0ae39a3cb90a5dcd1ef

          SHA256

          f980999a230f33293bf6f76167be90af42c8cddecf1cbd4a93b6e0a2da99c433

          SHA512

          11ea45b95bcff73b34e72ddc8b271c78cc5d47c15bfd559a68de132fc19ef0297720a899bd13009a0a44fde2e04eb6cc1240b4d4b10b849fbb57d3cc3788da4c

        • C:\WINDOWS\FONTS\MSYHBD.TTF

          Filesize

          2.7MB

          MD5

          30b7352db2211eded40cd1887df61c84

          SHA1

          03d4aeba77e0d295aeab2a327b39054ee61a2bfb

          SHA256

          1f5c2bdcf610a18a8899223be9f6590b1fe44ee376aa5b7af55f1d8a00c49e8c

          SHA512

          56dcf1da5a75e749437117023655aa05534ce27a53fb60bc1bd1df9c1171d3d63de45a9c2cbdd3b1fedbe08f1cf6bbcb20489f6026955162c889820c6ef1d2c9

        • C:\WINDOWS\FONTS\MVBOLI.TTF

          Filesize

          82KB

          MD5

          a7e3822358f6dcb2f986a68cf24721b2

          SHA1

          82e871441fed75989ee565ac932855a63aff9536

          SHA256

          08205f123a14ea253b7cd2b03807220fa927e921ef7f83c9bf37b538997626f4

          SHA512

          ed99200b9c92a7786af958eb439c46b3ae77f115d2d6343a6a75583ab18ccf300a25998e714ebd0904e5accfc5fcc74ebd746b3afafac0456c222a7b77117401

        • C:\WINDOWS\FONTS\NTAILU.TTF

          Filesize

          80KB

          MD5

          58448bc8344e86403c7ad25b3509965f

          SHA1

          7c44b1519011156af80b9722288052360cacec96

          SHA256

          59026a6add9b89ea645d2ef0c9742eeb3811a7d16c8c7cb902c454e6fb26cf0c

          SHA512

          82966282b78cdddb9556d7370ad601f73f069ad801adc6ca6cbd8ec95c7534606447ecd6a73dccf825bf0f66721e5736839b9594119360b10134cd2717ff072b

        • C:\WINDOWS\FONTS\NTAILUB.TTF

          Filesize

          73KB

          MD5

          3cdb6ac81169d4d2d5c0d8a204ef35a9

          SHA1

          68dfca890119f24ca3b5888c9a948abb8c50ca1f

          SHA256

          0dbe83bfdec1176241b3aa9952eaee8cd084b7536d7b900d4834d6b5f660b0b0

          SHA512

          723230191c17dbf82bcf88e1ed1a7f974eb7077bf495f6535e15cb48942873ab3dc2cc29f101e5b3b39c6782d5493c8ed6d47ff5126643db339102cc9911493d

        • C:\WINDOWS\FONTS\NYALA.TTF

          Filesize

          427KB

          MD5

          9f895be44fd462d400a25832ec1095a1

          SHA1

          e29a8f8cd34c000e16badd6ad41b0dc49c342cf2

          SHA256

          f75b25f420a9300ce6576f4af207a26bea45dc60c5a5e158dc75ff7cf66cf12b

          SHA512

          8828140f934123844b4d5b31b05c2dbd1106b8bcef25e50fae6aa7d1779c68afeb87dc5891a3c62b28de3bb5ec954962c49acf5b89b938684596f2365cc7adc3

        • C:\WINDOWS\FONTS\PHAGSPA.TTF

          Filesize

          143KB

          MD5

          623a4e160c7783fb2450e2fade07d883

          SHA1

          d354ffc229438dc712389cb7b893f63b4465b189

          SHA256

          111319fa89cd66d0f8b23a8a262cb32e6fb64134b63611a1b2220811029d605d

          SHA512

          64cc68b23a1d6d68f70ded7b5b0276d8c1836de871a97591b6eb222aa37f211b9eb94d5443cd83c5491377f7602efaeaf1f0ce7a26320d070f261a5f4920d82d

        • C:\WINDOWS\FONTS\PHAGSPAB.TTF

          Filesize

          146KB

          MD5

          c96b36c6ec8c33462679cbf409f929db

          SHA1

          b169a81cb21d800dc0c1ace84d2dfc281efa57ef

          SHA256

          aba7a72e1d649a843446b26e9a512ef9f8a7d83da41e5463501be9bca628ef88

          SHA512

          c8ff6de3f52db65a2d124e026833b1dca8c04651a5f2d4a135c2c636dd45503c8a566fea3b7193fcaf72669faa2a2226bc18d62c45ed5d01afcc21c0cb098bd4

        • C:\WINDOWS\FONTS\PLANTC.TTF

          Filesize

          116KB

          MD5

          dd7e0fcaaf9a62550b7bcfa1b4f0dcd9

          SHA1

          6c2bd75a926cb94f5b1cff2b84b6fc74078310af

          SHA256

          683cd454aa2a50347447ca9890feca86cc6eefc4696868dbf3925b0f6eca9e19

          SHA512

          c28f693a3bb15930b662922d9349af9ead0917c9f52ee6bd9046aa408bc141fe37417d4e5939f91ba59b7479e1a58398dd73424041918c504930b6d5b94bf626

        • C:\WINDOWS\FONTS\RAAVI.TTF

          Filesize

          92KB

          MD5

          8805728574a7eaf7d45ccb53591bd8a7

          SHA1

          4fdf666d5b569a78cddfd58465bc4137649c568c

          SHA256

          9538df0043b24213c23a5d72794c21b5a7079b7559ac139c61fcf6e5a1456d65

          SHA512

          ee6e9c3a061133f976e575bb5d3be991d2a98ec4d61d151519f6f83234710e9fc747d180f8736204c2f469005a85dc074aa42b5b0bf34cc030aa1bbb4c7df7d4

        • C:\WINDOWS\FONTS\RAAVIB.TTF

          Filesize

          91KB

          MD5

          32c4bfdafa2c62023f5a95ec3d404cdd

          SHA1

          9881a43c71a21377647225a4c880c0fa41804379

          SHA256

          18375130720bd594e3843f5190043c0ee5c443634de7377ce84d8c1c0e303665

          SHA512

          1d5413b9171c73d8e76b3aba249780f94a208e7c119de06c2c4977846e1d8aee33046fed33ba31ff0bcc69031bb23da55919cd1d26c780f9b15b36a656521008

        • C:\WINDOWS\FONTS\SEGOESC.TTF

          Filesize

          605KB

          MD5

          5c452fb7a0f5751f4e94e9d84eb01154

          SHA1

          b17c3a7d015b5cfb1b620f69df0daf1452e211f4

          SHA256

          8f6328619340426b2c985f6fd305bb64d164b20b20a5b493a21533761bd5d631

          SHA512

          3f2f5488d18a34017fa2b2c9857fab9f2f929e56aea73c00961370ff3069d65c8783a769b97edb069ee9c656ebc1bb98ead67bc9b5312c85c7e44d1c06e7e767

        • C:\WINDOWS\FONTS\SEGOESCB.TTF

          Filesize

          589KB

          MD5

          acd33fd0ea8c011932aa4f3ac713663c

          SHA1

          b7093d5df6b3a2d69470eb698850066ae2baa6f9

          SHA256

          abf76b314ca2432ab718a74a4028bb7707073cb0d50643547c59f41a540b66a5

          SHA512

          c1af195d7604d973321997124ab3c7e33c9cd35d2c31bef5953f0fef13376721a066b6dc9dbda56c2999914da36c9be5f54005a3538e313e78bbb58d90e71b29

        • C:\WINDOWS\FONTS\SEGOEUI.TTF

          Filesize

          505KB

          MD5

          6581cfaeee8057734a3f16d37719bfb2

          SHA1

          4ead8cc9d4d07eb9e081cc072cbbb15ca11670bd

          SHA256

          38be0d2b58bbd3249f5af9bbe1fa0b38fee587441ab0c1850d1dda1c0766a8c1

          SHA512

          1734888e9c6858b5f28dcfbec5b9ae7170f5d4eccd5d5a3316aaceefc60389d09a8cedbe8be77ca0470ca7534e89b79b00f2b6264b90fc4b6d003bc1860a64c1

        • C:\WINDOWS\FONTS\VANI.TTF

          Filesize

          377KB

          MD5

          a806161b4ab9f06085dd7c969c6ab6f3

          SHA1

          b9ac17e7d69541ecef72df40fde444beba6a6170

          SHA256

          82af7e7a7c45ebeea2c70b8676b8b3b8ed5ca5dee959fd5d83064ed376ecf70f

          SHA512

          1e2965bb677e2d9140d76d6aa43fc96984d376cca25e4457e2aeced778785a89179ab49c3587becb8ef4abd6287539683aabd39269c96b60adbda7aa0050e3d4

        • C:\WINDOWS\FONTS\VANIB.TTF

          Filesize

          361KB

          MD5

          756871f756ee24c7029aafdad4cbdc62

          SHA1

          05c488e40893a199cf6020711069df21a9e1fefa

          SHA256

          bf3a4ffaf0591f7a43498073b7d91dbb0840f73daee05c0d885ad849762eeecf

          SHA512

          837b03175db4448bc298ddd3a591efc079b87fdb06f65beed9f91ba9fa4f782a2096696f589d430f9bd34a694eee091bc661c10fd23249b3c0068c01845de48b

        • C:\Windows\Flopy.vbs

          Filesize

          560B

          MD5

          24b79b368001cbe34074a2a5e67a2e06

          SHA1

          867a0ee94b5b2c8f54068e72de73eb819e3fa298

          SHA256

          19f27ae792655c4af7610272b5a05667d2d81e05a4d346abd5c35715d29e9900

          SHA512

          8debb8148a432cd4c906e42f5535513bd7828eb8461b0e54b7602e38c041a0421bd11c619ca7d9af8e1905cde3af27f11ba7ca220ef3b567caf48b62ebcbde3c

        • C:\Windows\WindowsShell.manifest

          Filesize

          749B

          MD5

          5a5cff37f1bd0f86b9bdaad7a9445882

          SHA1

          9e7303426a4ba2742a8a550ad9ebbd4a93bcad68

          SHA256

          fbccfdc2d28e3b6edff0beea38a965bed68ce2613b5220cf4837d373faa78f8a

          SHA512

          b317761cae1bb9375b8af54ebb9c9594bd13fa31ace639596b28f7d04a4f6b6ee1e69d0823bdd3447a06b810dbc5f47faec9e10a8bd9ab597503949d4ba7ded2