Overview

overview

7

Static

static

3

MKL_fishin....0.rar

windows7-x64

4

MKL_fishin....0.rar

windows10-2004-x64

3

FixTOOLLLL...lC.rar

windows7-x64

3

FixTOOLLLL...lC.rar

windows10-2004-x64

3

Visual-C++...ll.bat

windows7-x64

7

Visual-C++...ll.bat

windows10-2004-x64

7

Visual-C++...64.exe

windows7-x64

7

Visual-C++...64.exe

windows10-2004-x64

7

Visual-C++...86.exe

windows7-x64

7

Visual-C++...86.exe

windows10-2004-x64

7

Visual-C++...64.exe

windows7-x64

7

Visual-C++...64.exe

windows10-2004-x64

7

Visual-C++...86.exe

windows7-x64

7

Visual-C++...86.exe

windows10-2004-x64

7

Visual-C++...64.exe

windows7-x64

7

Visual-C++...64.exe

windows10-2004-x64

7

Visual-C++...86.exe

windows7-x64

7

Visual-C++...86.exe

windows10-2004-x64

7

Visual-C++...64.exe

windows7-x64

7

Visual-C++...64.exe

windows10-2004-x64

7

Visual-C++...86.exe

windows7-x64

7

Visual-C++...86.exe

windows10-2004-x64

7

Visual-C++...64.exe

windows7-x64

7

Visual-C++...64.exe

windows10-2004-x64

7

Visual-C++...86.exe

windows7-x64

7

Visual-C++...86.exe

windows10-2004-x64

7

Visual-C++...64.exe

windows7-x64

7

Visual-C++...64.exe

windows10-2004-x64

7

Visual-C++...86.exe

windows7-x64

7

Visual-C++...86.exe

windows10-2004-x64

7

Visual-C++...��.txt

windows7-x64

1

Visual-C++...��.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    19-06-2024 12:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Visual-C++/install_all.bat

  • Size

    1KB

  • MD5

    430dae8e5456ca1a46f7c3e633e53acd

  • SHA1

    cf7a361483d6a9dd34db701fc1324f8b69f34094

  • SHA256

    0caf84131587fd246071dadc0b4942ddc88bdbe42cf13677c3f832572328fbaa

  • SHA512

    315239791017d808bd3662c8591ec52e758c509a0b6be0463056700c0a67ef6de3be19d7ea960588813fb09dbd9422a26fd5486b199f2b5da40738a1227d1054

Score
7/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 36 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Drops file in Windows directory 64 IoCs
  • Event Triggered Execution: Installer Packages 1 TTPs 2 IoCs
    persistenceprivilege_escalation
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Visual-C++\install_all.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2005_x86.exe
      vcredist2005_x86.exe /q
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:1152
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec /i vcredist.msi
        3⤵
        • Enumerates connected drives
        • Event Triggered Execution: Installer Packages
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2276
    • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2005_x64.exe
      vcredist2005_x64.exe /q
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:832
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec /i vcredist.msi
        3⤵
        • Enumerates connected drives
        • Event Triggered Execution: Installer Packages
        • Suspicious use of FindShellTrayWindow
        PID:1740
    • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2008_x86.exe
      vcredist2008_x86.exe /qb
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:2352
      • \??\f:\ebaed4effde8623cf73177ac\install.exe
        f:\ebaed4effde8623cf73177ac\.\install.exe /qb
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        PID:1048
    • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2008_x64.exe
      vcredist2008_x64.exe /qb
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:3008
      • \??\f:\6b982daadaf33f914bce6204\install.exe
        f:\6b982daadaf33f914bce6204\.\install.exe /qb
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        PID:1192
    • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2010_x86.exe
      vcredist2010_x86.exe /passive /norestart
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:1612
      • \??\f:\b44f7b107cc31d503ca230c619\Setup.exe
        f:\b44f7b107cc31d503ca230c619\Setup.exe /passive /norestart
        3⤵
        • Executes dropped EXE
        • Checks processor information in registry
        PID:3024
    • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2010_x64.exe
      vcredist2010_x64.exe /passive /norestart
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:1988
      • \??\f:\32477c85e0482244000888\Setup.exe
        f:\32477c85e0482244000888\Setup.exe /passive /norestart
        3⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        PID:1924
    • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2012_x86.exe
      vcredist2012_x86.exe /passive /norestart
      2⤵
      • Adds Run key to start application
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      PID:2164
      • C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2012_x86.exe
        "C:\Users\Admin\AppData\Local\Temp\Visual-C++\vcredist2012_x86.exe" /passive /norestart -burn.unelevated BurnPipe.{7C655A9C-1AF1-4302-AEE7-26844DB369FB} {E5BBBAC4-9F1A-4C6A-8BFB-BAC1779AD428} 2164
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:1088
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 344
          4⤵
          • Program crash
          PID:556
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 860E4E9F42FC1C8199F1B643538BC159
      2⤵
      • Loads dropped DLL
      PID:2592
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding B1BA38285EA5A82A15E3D080B79176A7
      2⤵
      • Loads dropped DLL
      PID:960
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2824
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005A8" "00000000000003CC"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:2080
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000005A8" "0000000000000578"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:1468
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "0000000000000000" "000000000000052C" "00000000000005A8"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:2108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\f763a23.rbs
    Filesize

    29KB

    MD5

    f88ab20e3a83908a29b78b902f742fb5

    SHA1

    390680fbada15e7a74d9bbe0995deb28cb3f83fb

    SHA256

    6b89d207b3a89e6f6bc527707b6a1ffc15810bdbb0158a3505617ee174f06aec

    SHA512

    26b13a0491d9f21e76607d430a63258da4b15c0f2b461ff8a2ae09cf9b8944b967d3b48bd1023156a99f9ba7c7b551d1236f1ff9ba42771e5af0f7b5766ae462

    Download Submit

  • C:\Config.Msi\f763a28.rbs
    Filesize

    29KB

    MD5

    4892b9d55df0a19b8895f9113ae91ad1

    SHA1

    124fb2abf1fde1287ba13d5b4c8f302d17205d78

    SHA256

    7cb0f340e9fa05c270261cb719cefcda17defc0f7886ecab3300cf27bd4bafc1

    SHA512

    780055336e44d70be8ff05980330740c64711effa56a6841bc88d32b259163b62b6e92ebbfbeafc43305270f0adfbd68f5e9517ceeac61b3d891b36758acda28

    Download Submit

  • C:\Config.Msi\f763a2d.rbs
    Filesize

    4KB

    MD5

    9638ec8da438486c2ca23d24757307b0

    SHA1

    982bc9f2ceaed2f45b6aa094691dd7d3b53002d8

    SHA256

    2dc781fde4720e3ea8f273127592a55cdca1e9ad8a282949425d75ce2c13f391

    SHA512

    366b7f77361c1ed91ff09fb5ad191a4a24e44c304c1b3f09ac8d7cc0ab7a7dadd612d30fd96f4b660a40da2d21f328b9b1ddc4d69aa764832f12057c0b028bdb

    Download Submit

  • C:\Config.Msi\f763a32.rbs
    Filesize

    29KB

    MD5

    e0c0f600f24e92d4891fd7e7b647208d

    SHA1

    20d169bac7a649e14e5aad11a7b530ed0645661f

    SHA256

    7b0a6b8547b32a7cbb6b565c2b7cea4381a96eec175fdfd3947b94bd0d4d0dae

    SHA512

    bae2e3ec35c55d1a466dc30c62ff66e5e7cd5d94ca580e937f9724a13404c3e7d729f5a4bf49c438557efce79b26c46129131529af43549f6eef88f90bf9ce15

    Download Submit

  • C:\Config.Msi\f763a36.rbs
    Filesize

    4KB

    MD5

    41e883888361834a386c369560427e73

    SHA1

    989458c2b47739d525685420e5b4b5c91bb96abe

    SHA256

    6f092abfae047986967a4ddd99c6400fc97a2903b6e2db338e5b628bdf493b1d

    SHA512

    3cdf6988eb3d3b3995ae48e8a03f8351cf7f8b9157a5d6168dfcacb4a5dcab51747b6ef201d1c7afaa80c6fea5cec2514dd7e66d1959e4f54ac1e790c4420081

    Download Submit

  • C:\Config.Msi\f763a3b.rbs
    Filesize

    28KB

    MD5

    b5f43be7c98f5f73036c550576f1d375

    SHA1

    dfc10151a00872aa6c9883ba8ebfd3fa757d55a3

    SHA256

    e93fcafe88fa9e73a7e05d06da48548aa20ba376b681615922c523499a0a24a1

    SHA512

    604353b61b803464f8cccf046fdf2e92aedb8c61be0be693699d2ef440e1fff9c7b15fe69778fa2c9d0a75e074c563d531b53a55ffd96a5691e08ba2361024a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b50556eed81b4ed3476ec4a5bed6c686

    SHA1

    edfb9d5a1d6db186d83afd34ccea585e73faf968

    SHA256

    2c8eadd8b9e993c01c58e2296b8139b44373ff1bc8e882d0030b23bf88d553d3

    SHA512

    67052075c1159d141f6143432282445f7a01e319f000be634d51f5d83b9b239014b34cabb6f67f5dfe850b744590cc83292198b9b2065914d2749f1771c41e3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3A52.tmp
    Filesize

    67KB

    MD5

    2d3dcf90f6c99f47e7593ea250c9e749

    SHA1

    51be82be4a272669983313565b4940d4b1385237

    SHA256

    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

    SHA512

    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\HFI958C.tmp.html
    Filesize

    16KB

    MD5

    f10c4d0860e56171ca7e7b6bcfbe8d19

    SHA1

    2e8a698498eb99df136537435a2934e503017615

    SHA256

    8b4c9e669b745cf3c3b6c634b34676cf22bdacb8af4d6d252a48b7646e63e3b0

    SHA512

    e716cc5194e142e442f4be6e692c903b3a3c1620657a0a65dd1ee450f432c3090877bd8b8b1be978728f01c19b67bd456ffb96e172b507a60da6afc0a4c8360f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredis1.cab
    Filesize

    247KB

    MD5

    cc064d4b81619991de8131a86ad77681

    SHA1

    88d80d86cc20c27d7d2a872af719300bd2bb73f9

    SHA256

    913ee5a1cae3e5a1872b3a5efaaa00c58e4beb692492b138f76967da671b0477

    SHA512

    5aff0eb26cfc187bf58721b2b6d73357d9f1e66d1ac5340ad9ddc08b40ad0eda27a144cb3b650604637a7476c282ded83ed890de98a73ccaf0cc021da3a9eb25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredis1.cab
    Filesize

    312KB

    MD5

    77a9bff5af149160775741e204734d47

    SHA1

    7b5126af69b5a79593f39db94180f1ff11b0e39d

    SHA256

    20a26ed9a1edf7763a9b515522c5e29720048a482c7fbc8b7ff6bbdd27e61038

    SHA512

    bb0440f58f07e113bddd9a0afb5aab8af6493218784fe5fa6f4032e3a37088f91b7e766dee87cec4a9ea11d425d27b3b536430de3a52222e8bca3e0247d81e3b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredist.msi
    Filesize

    2.6MB

    MD5

    b20bbeb818222b657df49a9cfe4fed79

    SHA1

    3f6508e880b86502773a3275bc9527f046d45502

    SHA256

    91bdd063f6c53126737791c9eccf0b2f4cf44927831527245bc89a0be06c0cb4

    SHA512

    f534bc7bf1597e728940e6c3b77f864adfaa413bb1e080458326b692b0f96bddf4fbd294eeed36d7764a3578e6c8e919488bbf63b8fe2d4355ab3efd685424a4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredist.msi
    Filesize

    3.0MB

    MD5

    6dbdf338a0a25cdb236d43ea3ca2395e

    SHA1

    685b6ea61e574e628392eaac8b10aff4309f1081

    SHA256

    200fef5d4994523a02c4daa00060db28eb289b99d47fc6c1305183101e72bdeb

    SHA512

    6b5b31c55cf72ab92b17fb6074b3901a1e6afe0796ef9bc831e4dfb97450376d2889cd24b1cf3fce60eb3c1bcd1b31254b5cfa3ef6107974dfa0b35c233daf5a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\VWL8334.tmp
    Filesize

    392B

    MD5

    6c231fed2558424ff052da3a64e444eb

    SHA1

    8b8e49ba8f0155cfee01d9510e8a70a1ccef953b

    SHA256

    b95e09de0032861ad80c818a616e1e264a6c1b8b1294fce37f3bd659e8b1fc62

    SHA512

    2fb774cb815071e8874f0fca0c33d4d8762a98d0fff54bb712a251655c650340a026b31e71d70e0bb65ca7f631db28c19c2b1292caaf4d639381ac07bc9f3688

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\VWL88FE.tmp
    Filesize

    392B

    MD5

    62cf366ece7b932d18c74306844c4429

    SHA1

    e1c106ddaaae3b80b381218c4ae9a453952e961e

    SHA256

    38ac5e7b752e17331dbd6240e2d33b66d5b2d128763b1f5c34e8dd481e042450

    SHA512

    6c4322e36a505706c56a16a72f36044bf9761e2692b03644561cf7c1a8114ef42b9dfab20cca95fa408e96d2abaf26fe633a907adf18d042cbf311e941c54c16

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI3615.txt
    Filesize

    2KB

    MD5

    3f74792ac6fda510801775281db10993

    SHA1

    16da56b20f72c0bd78bdc6eef8f8245b4a1548e0

    SHA256

    0d7ddc9a178fbda35476ae2ece7dfa32fb46b8991997bcc818bbf6573f8b98e8

    SHA512

    63df06c57bca6f38093f6bff3d3a7e21ac6a4578c076671a95d65104127b6110857cc99807382ec4c2a9b11ec0706b3e53d53083aa0ff577afa896067221db06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI361C.txt
    Filesize

    2KB

    MD5

    a5facd71ba7aa92f419937fa6587091d

    SHA1

    9bbaf95002d6238aaab9f9eab65621755e30c2da

    SHA256

    f5d9bb2dad5868a36ba2c80444bc6896af2a213ff6c82ce5e13cdc48f70feb30

    SHA512

    d25a54efb8fee0f788ae1886497d5d03bfb98bccc17ef510027c5b7dbd6603c66d8825cae27bb6a8cb86e3f5d7593b17b120b38e594d0fb134fbebc3feefa502

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\.ba1\logo.png
    Filesize

    1KB

    MD5

    d6bd210f227442b3362493d046cea233

    SHA1

    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

    SHA256

    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

    SHA512

    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

    Download Submit

  • C:\Windows\Installer\MSI3CA5.tmp
    Filesize

    28KB

    MD5

    85221b3bcba8dbe4b4a46581aa49f760

    SHA1

    746645c92594bfc739f77812d67cfd85f4b92474

    SHA256

    f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f

    SHA512

    060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d

    Download Submit

  • F:\6b982daadaf33f914bce6204\install.exe
    Filesize

    834KB

    MD5

    f0995d5ebde916fa146f51d324cf410c

    SHA1

    6a03e96a663051683b82601b5c7be72d72ecdb1c

    SHA256

    f0110ab02e8a531e3e7d196c03f907c659e6262c75861dc0c8d05f6a3ccbdd6b

    SHA512

    8a2ca604c06077a1c5a7ac9782ff6815a4ea1b152502707120cf5a8edddcda7c8d1a71e16c80305a3fa098acb6ecf158c770e6d0a9cb2e57a9d875fb935664b8

    Download Submit

  • F:\b44f7b107cc31d503ca230c619\Setup.exe
    Filesize

    76KB

    MD5

    2af2c1a78542975b12282aca4300d515

    SHA1

    3216c853ed82e41dfbeb6ca48855fdcd41478507

    SHA256

    531eb45798728cb741043b28b8c1a4f75536dc75f92d100f55f9109d2d63f0d7

    SHA512

    4a70bd4b542f6001e46f827f341676c34af1ea216c50ad981dd04f547cd67f73aaa420fcbed379dc05dab199bf5ba00d899c49ff75da577613209f96226227eb

    Download Submit

  • F:\ebaed4effde8623cf73177ac\install.exe
    Filesize

    547KB

    MD5

    4138c31964fbcb3b7418e086933324c3

    SHA1

    97cc6f58fb064ab6c4a2f02fb665fef77d30532f

    SHA256

    b72056fc3df6f46069294c243fe5006879bf4a9d8eef388369a590ca41745f29

    SHA512

    40cf2f35c3a944fca93d58d66465f0308197f5485381ff07d3065e0f59e94fc3834313068e4e5e5da395413ff2d3d1c3ff6fa050f2256e118972bf21a5643557

    Download Submit

  • \??\f:\6b982daadaf33f914bce6204\install.res.1033.dll
    Filesize

    84KB

    MD5

    e8ed5b7797472df6f5e1dae87c123e5e

    SHA1

    71e203899c3faf5e9eb5543bfd0eb748b78da566

    SHA256

    6ad479dd35201c74092068cccd6d12fd84a45d2c04e927b39901a9126f9e06dd

    SHA512

    dfdd6bba404753f6afbc804551550bdc771eccc034c01f4c5149beb6d98424cf7b86fc63aac361a1840df9bc8365c726baab672055534620db70ca2c0e2e1b3e

    Download Submit

  • \??\f:\6b982daadaf33f914bce6204\vc_red.cab
    Filesize

    4.3MB

    MD5

    5cad07d592a2a43905d6b656b79a7abd

    SHA1

    9168413a66fe4e41ddd506a68e7f5e5feebf9d6b

    SHA256

    9f218cefe505a28a589b10f4e7c28ac479eca159e438012a9666e6f709bcf82f

    SHA512

    546065881b32421ba36076dd6848d98e444d89def7a4bfd3d7299d6de6f6f746a2abea2a00e24b02ba5ba2bde816a70529eb8ca48972ccc2d03f3ccb12df4261

    Download Submit

  • \??\f:\6b982daadaf33f914bce6204\vc_red.msi
    Filesize

    230KB

    MD5

    4aa5bbddbf6b2d1cf509c566312f1203

    SHA1

    0557e25cf4c2aa1bcb170707cd282ae864d93d17

    SHA256

    017e62a7a046acf00f5565e60f8eed4c5f409913e7ddc2f431d4236bbfdabab8

    SHA512

    e32fad32aefb70592eec56c55eaf65d6a6ed33939a6cabe7ff0ec33f91c4687001a41575ccfcac448c4739b2af4e309c2ec9e526104fb292d04aa8746dfad8f9

    Download Submit

  • \??\f:\b44f7b107cc31d503ca230c619\msp_kb2565063.msp
    Filesize

    3.8MB

    MD5

    9843dc93ea948cddc1f480e53bb80c2f

    SHA1

    d6ec9db8b8802ec85dd0b793565401b67ad8e5e0

    SHA256

    7c969fcda6ef09d2eb7bbbc8d81795eb60c9c69ed835fd16538369ad0a6e0f10

    SHA512

    79008cfdd8ae1ea27675588e7ba8123d08ce14047e5f167b3b5f6fbcdadeb45515bd72e18e59abf632ecbfbb42243fbcbebe4cbe0ed6ba195d0b2ca6d88676f9

    Download Submit

  • \??\f:\b44f7b107cc31d503ca230c619\vc_red.msi
    Filesize

    160KB

    MD5

    3ff9acea77afc124be8454269bb7143f

    SHA1

    8dd6ecab8576245cd6c8617c24e019325a3b2bdc

    SHA256

    9ecf3980b29c6aa20067f9f45c64b45ad310a3d83606cd9667895ad35f106e66

    SHA512

    8d51f692747cfdd59fc839918a34d2b6cbbb510c90dea83ba936b3f5f39ee4cbd48f6bb7e35ed9e0945bf724d682812532191d91c8f3c2adb6ff80a8df89ff7a

    Download Submit

  • \??\f:\ebaed4effde8623cf73177ac\globdata.ini
    Filesize

    1KB

    MD5

    0a6b586fabd072bd7382b5e24194eac7

    SHA1

    60e3c7215c1a40fbfb3016d52c2de44592f8ca95

    SHA256

    7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951

    SHA512

    b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4

    Download Submit

  • \??\f:\ebaed4effde8623cf73177ac\install.ini
    Filesize

    841B

    MD5

    f8f6c0e030cb622f065fe47d61da91d7

    SHA1

    cf6fa99747de8f35c6aea52df234c9c57583baa3

    SHA256

    c16727881c47a40077dc5a1f1ea71cbb28e3f4e156c0ae7074c6d7f5ecece21d

    SHA512

    b70c6d67dac5e6a0dbd17e3bcf570a95914482abad20d0304c02da22231070b4bc887720dbae972bc5066457e1273b68fde0805f1c1791e9466a5ca343485cde

    Download Submit

  • \??\f:\ebaed4effde8623cf73177ac\install.res.1033.dll
    Filesize

    85KB

    MD5

    ff6003014eefc9c30abe20e3e1f5fbe8

    SHA1

    4a5bd05f94545f01efc10232385b8fecad300678

    SHA256

    a522c5ea3250cdd538a9ce7b4a06dfd5123e7eb05eef67509f2b975a8e1d3067

    SHA512

    3adc5c705bab7fa7b50517a5eb3301491f5150b56e1088ed436590458e963da204cd1875af75db89742403476a56a94c3f425c05327767bdb4bbee4859667ac2

    Download Submit

  • \??\f:\ebaed4effde8623cf73177ac\vc_red.cab
    Filesize

    3.7MB

    MD5

    0ee84ab717bc400c5e96c8d9d329fbb0

    SHA1

    be4ba7bbb068c7256b70f4fd7634eaeb2ad04d0a

    SHA256

    461d575bc1a07f64c14f1da885d2f310bd282cbbedcd0a5cf8ffa7057411805d

    SHA512

    4a6b0619f471a51df09fb6c1eff4ed166cdb7ef57f79ffdf709fa952a7c2a176c338084689c8ace1a94024a24579e9ee0ab6d411c25a1b42b0f517c57749d1a2

    Download Submit

  • \??\f:\ebaed4effde8623cf73177ac\vc_red.msi
    Filesize

    222KB

    MD5

    7e641e6a0b456271745c20c3bb8a18f9

    SHA1

    ae6cedcb81dc443611a310140ae4671789dbbf3a

    SHA256

    34c5e7d7ea270ee67f92d34843d89603d6d3b6d9ef5247b43ae3c59c909d380d

    SHA512

    f67d6bf69d094edcc93541332f31b326131ff89672edb30fd349def6952ad8bfd07dc2f0ca5967b48a7589eee5b7a14b9a2c1ebe0cba4ae2324f7957090ea903

    Download Submit

  • \Program Files\Common Files\Microsoft Shared\VC\msdia90.dll
    Filesize

    835KB

    MD5

    b370bef39a3665a33bd82b614ffbf361

    SHA1

    ac4608231fce95c4036dc04e1b0cf56ae813df03

    SHA256

    a9f818f65074355e9376f9519b6846333b395d9b2d884d8d15f8d2f4991b860a

    SHA512

    66ebf1275d86c07f5c86244b10187453ef40a550d74b9eb24ac3fbf51419786b87fdefe84812d85dc269cb49377e1b51732b697ae089cfbf35123ea90932fdb8

    Download Submit

  • \Windows\SysWOW64\mfc100chs.dll
    Filesize

    35KB

    MD5

    c086a0aa8c39cb2ea09ea967d433733e

    SHA1

    b5139ed7a2af76ad71c1ed3625543c0c98256984

    SHA256

    21688ed8de2a5c9e95e25e750bd6d8a7bc5446172dae69af9df96feda022fc7e

    SHA512

    eaf03cf10669dd289e108370a6de7484acb0f59389eca6da907d579767de919b08a6388e635e06bb3d222dc4d9303f964634a6b8820572e796279063d192e926

    Download Submit

  • \Windows\SysWOW64\mfc100cht.dll
    Filesize

    35KB

    MD5

    44ee19cb7dd5e5fd95c77fe9364de004

    SHA1

    9dde4a75e2344932f4a91d8ef9656203c2b3b655

    SHA256

    254e83fad56aa1a1cba3d5e0fc32509fee82482f210e238e81f7d8b117a69b8c

    SHA512

    2c636abf08d44eedf452edf02bf4243e76e14bb95e8a24012787ddffcce69c1d7fc4be98c4b5cd70532fe8420882e1ade228900c5f36669fdd90fe0383dde6af

    Download Submit

  • \Windows\SysWOW64\mfc100deu.dll
    Filesize

    62KB

    MD5

    eca6624efebbe2c0c320ac942620c404

    SHA1

    acbeb473088cac5887e9d9823a00570a102a8705

    SHA256

    2bf46f1536ce621801fc621fabbe59f32ad856aa8ae085eb6e4469885c171da3

    SHA512

    860e7c994091418177dedc7d4e935985de0ceadc4eebb569d9e38024478daa78e621b57e722195915183c4e1935efd98c08e1e4c8cb2e7c47306ebfc097f49ad

    Download Submit

  • \Windows\SysWOW64\mfc100enu.dll
    Filesize

    53KB

    MD5

    2a2c442f00b45e01d4c882eea69a01bc

    SHA1

    85145f0f784d3a4efa569deb77b54308a1a21b92

    SHA256

    d71db839de0bc1fcc01a125d57ced2aaea3f444a992426c316ce18c267c33a8c

    SHA512

    f18d9019eee843d707aa307714a15207be2ded2eceab518599fbed8a3826a1a56f815fe75fb37f36c93be13f3d90e025f790db6b3ba413bfd5cd040b2cc7dbf7

    Download Submit

  • \Windows\SysWOW64\mfc100esn.dll
    Filesize

    62KB

    MD5

    b4e91c857c886c8731f7969d9a85665d

    SHA1

    a639781b1dc2c7bdd855be37fbb39b55ad5b734a

    SHA256

    7f3e218c1bf7bb0f00885afec8ed60c8edd48a73622feb2fce7cb282af1be900

    SHA512

    fbb841339b216fb677ddf798d004503a1c0c8a60d17edd502d2a893985cefba8b13febc594dcaa0ed9df823fbced0367d8c1074d7025e6bf6e6d4ec5cd1b2648

    Download Submit

  • \Windows\SysWOW64\mfc100fra.dll
    Filesize

    62KB

    MD5

    bb21453c6707a7b5dd9f727ed375f284

    SHA1

    56e7a1011221b87af1b1ea766114161fb5dd4a3a

    SHA256

    8630d9b71a04bfcad5ed15c11cbf88f2de42abfa458bc66963e6d0d207dc01c8

    SHA512

    c74bbfcd5c407fa1d8189f1805e12e2261268059c3f4d7ee5d5492811d161906b27e9623be55649504b2888f3aae0ad98038f420c1969cb6693328c78ec6b1c8

    Download Submit

  • \Windows\SysWOW64\mfc100ita.dll
    Filesize

    60KB

    MD5

    a99884aeac9c704600c6f5a44b3f7694

    SHA1

    1d65b58014f1ecffa3e8affa4b21ab4466732d9e

    SHA256

    54c711b8ec19ab39c881ba16af97dff6d1cd74c1e2fe6ff50ec51c466015aa6c

    SHA512

    dd2f6113b0d879c3699c97db42fbef03413dfccac9772596ace7fed5850b269ac0adc94c30439d5c37688e11ff73ffa53409d483bd2f419e16769b0213a5d46c

    Download Submit

  • \Windows\SysWOW64\mfc100jpn.dll
    Filesize

    42KB

    MD5

    76022ed341931c473d2dfb27d56e37fd

    SHA1

    be2b19cc30093069e61349908153d22383feda7f

    SHA256

    0c7637e3ae7e2c429807194c470a1e7bd98ae02d67d543380367f142cf08173a

    SHA512

    0c30ac2a2a1bafb4462142ecaf059800ba262e2f82d82f229f78a0b91018d38ed101aca29ef01458dea6f9d34b8fd76940f7c8765ff8fe9d412ee3dba5419f42

    Download Submit

  • memory/1048-300-0x0000000074A50000-0x0000000074A67000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1192-386-0x000007FEF6B70000-0x000007FEF6B88000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1924-712-0x00000000747D0000-0x00000000747F4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1924-711-0x0000000074B00000-0x0000000074BC8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3024-537-0x00000000747D0000-0x00000000747F4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3024-536-0x0000000074B40000-0x0000000074C08000-memory.dmp

    Filesize

    800KB

    Download