c641e79ae3fa662a639f4fa3a0cb8723030c114bfb2d7ffad488de73afd574ce

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

host.bin.exe
Size

16KB
MD5

407318721d5587b5db6ce7873890db96
SHA1

87e69c62e196961f51b3a973a6b7e810dcb922c9
SHA256

c641e79ae3fa662a639f4fa3a0cb8723030c114bfb2d7ffad488de73afd574ce
SHA512

2dfa2e3c1ad5ba3e4dd81bfd646995fdcdc20c1080974a26cd01254506ba32d394693144758cf71bdc5726b71aa7721551ecea4f0bd8ca2ccffc17a837ff6f74
SSDEEP

384:y0sAA+LPsuTnVshZ9hA+b3Qj5MRjV1V/QBOIjLb1:yaV/+b3N31V/yb

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (1004) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\README.txt	host.bin.exe
File created	C:\Windows\SysWOW64\drivers\gm.dls.abc	host.bin.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt.abc	host.bin.exe
File created	C:\Windows\SysWOW64\drivers\wimmount.sys.abc	host.bin.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	host.bin.exe
File opened (read-only)	\??\G:	host.bin.exe
File opened (read-only)	\??\I:	host.bin.exe
File opened (read-only)	\??\P:	host.bin.exe
File opened (read-only)	\??\B:	host.bin.exe
File opened (read-only)	\??\J:	host.bin.exe
File opened (read-only)	\??\W:	host.bin.exe
File opened (read-only)	\??\U:	host.bin.exe
File opened (read-only)	\??\V:	host.bin.exe
File opened (read-only)	\??\X:	host.bin.exe
File opened (read-only)	\??\Z:	host.bin.exe
File opened (read-only)	\??\E:	host.bin.exe
File opened (read-only)	\??\H:	host.bin.exe
File opened (read-only)	\??\S:	host.bin.exe
File opened (read-only)	\??\M:	host.bin.exe
File opened (read-only)	\??\N:	host.bin.exe
File opened (read-only)	\??\O:	host.bin.exe
File opened (read-only)	\??\Q:	host.bin.exe
File opened (read-only)	\??\R:	host.bin.exe
File opened (read-only)	\??\A:	host.bin.exe
File opened (read-only)	\??\K:	host.bin.exe
File opened (read-only)	\??\L:	host.bin.exe
File opened (read-only)	\??\T:	host.bin.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\es-ES\wiaaut.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\Ribbons.scr.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\tdh.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\nsisvc.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\dsprop.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\ivfsrc.ax.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\PortableDeviceApi.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\wimgapi.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\zh-HK\README.txt	host.bin.exe
File created	C:\Windows\SysWOW64\zh-CN\README.txt	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\dpapiprovider.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\diskcopy.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\it-IT\mp4sdecd.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\avifil32.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\scesrv.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\msctfui.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\webio.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\pshed.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\vdsvd.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\rasgcw.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\UIRibbon.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\tapiui.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\oleaccrc.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\dnscmmc.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\it-IT\uxtheme.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\wininet.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\expsrv.dll.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\devenum.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\RestartManagerUninstall.mfl.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\acledit.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\slcext.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\services.msc.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\netlogon.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\authfwgp.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\shimgvw.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\NcdProp.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\packager.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\pt-BR\README.txt	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\packager.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\sens.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\imapi.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\VaultCredProvider.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\nlmgp.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\pdh.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\fthsvc.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\l3codeca.acm.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\wldap32.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\rtm.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ar-SA\README.txt	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\imaadp32.acm.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\rpchttp.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\Vault.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\batmeter.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\msmpeg2enc.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\shwebsvc.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\iassdo.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\g711codc.ax.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\es-ES\sud.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\Faultrep.dll.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\wdi.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\ir41_32.ax.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\fr-FR\certmgr.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\ja-JP\iasads.dll.mui.abc	host.bin.exe
File created	C:\Windows\SysWOW64\en-US\mstscax.dll.mui.abc	host.bin.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.abc	host.bin.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.abc	host.bin.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.abc	host.bin.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\XIMAGE3B.DLL.abc	host.bin.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\MpAsDesc.dll.mui.abc	host.bin.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.abc	host.bin.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.abc	host.bin.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.abc	host.bin.exe
File created	C:\Program Files\MovePop.ram.abc	host.bin.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.abc	host.bin.exe
File created	C:\Program Files\Windows Media Player\de-DE\README.txt	host.bin.exe
File created	C:\Program Files\Windows Sidebar\de-DE\README.txt	host.bin.exe
File created	C:\Program Files\DisablePing.htm.abc	host.bin.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE.abc	host.bin.exe
File created	C:\Program Files (x86)\MSBuild\README.txt	host.bin.exe
File created	C:\Program Files\Windows Defender\MpEvMsg.dll.abc	host.bin.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\mscss7cm_es.dub.abc	host.bin.exe
File created	C:\Program Files\Windows Mail\de-DE\msoeres.dll.mui.abc	host.bin.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoViewer.dll.abc	host.bin.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Austin.thmx.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MEDCAT.DLL.abc	host.bin.exe
File created	C:\Program Files\Java\jre7\README.txt.abc	host.bin.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.abc	host.bin.exe
File created	C:\Program Files\DVD Maker\fr-FR\README.txt	host.bin.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.abc	host.bin.exe
File created	C:\Program Files\Windows Mail\msoe.dll.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Apex.thmx.abc	host.bin.exe
File created	C:\Program Files\Windows Defender\fr-FR\README.txt	host.bin.exe
File created	C:\Program Files\Windows Mail\ja-JP\README.txt	host.bin.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.abc	host.bin.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll.abc	host.bin.exe
File created	C:\Program Files\Microsoft Office\Office14\README.txt	host.bin.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.abc	host.bin.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\mscss7wre_en.dub.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE.abc	host.bin.exe
File created	C:\Program Files\Java\jre7\release.abc	host.bin.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.abc	host.bin.exe
File created	C:\Program Files\RepairExport.hta.abc	host.bin.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Solstice.thmx.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\mset7fr.kic.abc	host.bin.exe
File created	C:\Program Files\Common Files\System\README.txt	host.bin.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.abc	host.bin.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.abc	host.bin.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE.abc	host.bin.exe
File created	C:\Program Files\DVD Maker\offset.ax.abc	host.bin.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.abc	host.bin.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONMAIN.DLL.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OUTLPH.DLL.abc	host.bin.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll.abc	host.bin.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\README.txt	host.bin.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\README.txt	host.bin.exe
File created	C:\Program Files\Windows Sidebar\settings.ini.abc	host.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\mset7es.kic.abc	host.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.abc	host.bin.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\Manifests\amd64_brmfcsto.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_146455464977a39b.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.1.7601.17514_none_e4433b761c0c84cd.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_winusb.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_en-us_186a27436af02941.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-imapiv2-base.resources_31bf3856ad364e35_6.1.7600.16385_de-de_30012f867c2b42bf\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ringtone.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3e02aaeea3c47c44\DXPTaskRingtone.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-logon-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ee6fed90b389c91b.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_337a628028a370ae.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ehstor-api.resources_31bf3856ad364e35_6.1.7600.16385_it-it_0b34f316fbee6b9f\EhStorAPI.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\FileMaps\program_files_x86_windows_sidebar_gadgets_calendar.gadget_it-it_cfa6ff3e37526ccd.cdf-ms.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-n..line-tool.resources_31bf3856ad364e35_6.1.7600.16385_es-es_16c9077edc8e168e.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-s..nter-core.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_1acd9cc9b80a966e\README.txt	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_6.1.7600.16385_es-es_b6b94920933fd47b\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.7600.16385_fr-fr_5cd914b477989bc3\README.txt	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-t..igbackend.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8c3069757dc6f159\README.txt	host.bin.exe
File created	C:\Windows\diagnostics\index\WindowsUpdateDiagnostic.xml.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-l..m-starter.resources_31bf3856ad364e35_6.1.7601.17514_de-de_e662f6f8b87f49c0\license.rtf.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-msidntld.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4257f65d45f39d17\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8e8339c195243c22\sapi.cpl.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_prnca00z.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ff15b60351b27ca9\CNBIC4_7.DLL.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..er-office.resources_31bf3856ad364e35_7.0.7600.16385_fr-fr_a6ce13d821184fe8.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.1.7601.17514_none_8d61dfe880c198b7.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..yer-dvdregistration_31bf3856ad364e35_6.1.7600.16385_none_e0e4a1875c30d8c6.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_prnky004.inf.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_21664346059726e8\prnky004.inf_loc.abc	host.bin.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-m..ification.resources_31bf3856ad364e35_6.1.7600.16385_es-es_04836b3b3a2b7d0d\Magnification.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\wow64_Microsoft-Windows-IE-HTMLRendering.ptxml.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_wudfusbcciddriver.inf_31bf3856ad364e35_6.1.7601.17514_none_c09fb51818544c63\WUDFUsbccidDriver.dll.abc	host.bin.exe
File created	C:\Windows\winsxs\FileMaps\$$_microsoft.net_framework64_v2.0.50727_1031_b3c88eb113ae6c55.cdf-ms.abc	host.bin.exe
File created	C:\Windows\winsxs\msil_microsoft.web.management.resources_31bf3856ad364e35_6.1.7601.17514_ja-jp_2302b7cb28079911\Microsoft.Web.Management.resources.dll.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-n..kexplorer.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8774b5b6893626b6\README.txt	host.bin.exe
File created	C:\Windows\winsxs\Manifests\x86_microsoft-windows-rasserver.resources_31bf3856ad364e35_6.1.7600.16385_es-es_7ae2c74d1db5e2e6.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-netprofui.resources_31bf3856ad364e35_6.1.7600.16385_es-es_53ffa70de90b78e3\netprof.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sxs.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_7c9667d55cc5499c\README.txt	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a582f9460b3fbc4f.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_es-es_ee2eb924e76291e1.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_04801f69e1dbd8e6\Eventlog-DL.man.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-i..rendering.resources_31bf3856ad364e35_11.2.9600.16428_en-us_ef3f7e95187b579b\mshtml.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ncsi.resources_31bf3856ad364e35_6.1.7600.16385_de-de_23432a501fa0d204\ncsi.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_prnlx00v.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad7f69318e9cbdb0.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_667cd080c86ee37c\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_6.1.7600.16385_es-es_3d94a638b381d20f\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-hotstart-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bb1bf6c63f4ee335\HotStart.adml.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_es-es_1d72a0e2bb459532\about_remote_jobs.help.txt.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..r_service.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_e15c2094ca55f651\iscsidsc.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-dssec.resources_31bf3856ad364e35_6.1.7601.17514_en-us_2ab7ec6c3f6a5622\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-waitfor.resources_31bf3856ad364e35_6.1.7600.16385_es-es_892f93fb19558633\README.txt	host.bin.exe
File created	C:\Windows\winsxs\Manifests\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_1a0ca3a01119ca4b.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..ry-editor.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_f94901860f694f56.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ce950006d3e0aaf6\vfwwdm32.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-help-helpcins_31bf3856ad364e35_6.1.7601.17514_none_ee4731f0b3e39e23\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-n..installer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_148db478a63514af\README.txt	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-securestartup-tool_31bf3856ad364e35_6.1.7600.16385_none_9855f14806fab3d2\manage-bde.wsf.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-tcpip.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_5707b336a41b04a4.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_56cc3687acc564e8\about_Command_Syntax.help.txt.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..w-devenum.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_3df688bd2ad75d18\README.txt	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..lient-dll.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5588b35e1b8aed89\dhcpcore6.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..docs-main.resources_31bf3856ad364e35_6.1.7601.17514_de-de_18fdeea986d5e635.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_prnbr003.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cb5615c491ff5304\BRPTUI2.DLL.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\Manifests\amd64_microsoft-windows-help-ics.resources_31bf3856ad364e35_6.1.7600.16385_es-es_bd0edcbcba8e7b7c.manifest.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-v..r-windows.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7554e1450e725513\avifil32.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\amd64_wiaca00i.inf_31bf3856ad364e35_6.1.7600.16385_none_9dff40bd2f903760\CNC172FD.TBL.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-advpack.resources_31bf3856ad364e35_8.0.7600.16385_en-us_51b86a7fe0f26a03\advpack.dll.mui.abc	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-i..onal-codepage-20297_31bf3856ad364e35_6.1.7600.16385_none_552c171545887c7b\README.txt	host.bin.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_it-it_49af114e8032b8d2\README.txt	host.bin.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	host.bin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	host.bin.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	host.bin.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	host.bin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	host.bin.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2548	1992	host.bin.exe	31
PID 1992 wrote to memory of 2548	1992	host.bin.exe	31
PID 1992 wrote to memory of 2548	1992	host.bin.exe	31
PID 1992 wrote to memory of 2548	1992	host.bin.exe	31

C:\Users\Admin\AppData\Local\Temp\host.bin.exe
"C:\Users\Admin\AppData\Local\Temp\host.bin.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\host.bin.exe
  "C:\Users\Admin\AppData\Local\Temp\host.bin.exe" --foodsum
  2⤵
  - Drops file in Drivers directory
  - Enumerates connected drives
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.abc

Filesize
1.8MB

MD5
105785e7fa0b28816bd413237869ef61

SHA1
3e52f255982595261865330f68ffb608fb4029c3

SHA256
902f407c50aa766d7f83c2e325aff3c38d42aadc3096ac32a36aec1ae98c6f60

SHA512
8e599a02d18c3312c77fbded3195360edd661c696399fc8c693ed56f260184e739445e19ad3ff7160e343ead4bc3e0760518da018f9d753d70b384969967021d

Download Submit
C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.abc

Filesize
30KB

MD5
f7966f338cf1f84b2c9fef468fe87578

SHA1
729158998ff82319bbe412ddf3ff9d9fe5fc606e

SHA256
6bfb63fe36ed7f941f213bca4d36ce1a8ef22ba5051017629bb744b8c4a0c021

SHA512
66c6674e325225f97cc602848f131d93049d0244fb9213d99aa560d1e6d275b676d6abe3267cf94aac62885263f3ff88c8e3057de22d875ab8d5d60f91571cc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8393.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar83A6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Documents\README.txt

Filesize
111B

MD5
7793d1a4ba8000c9e555f2e423d6cc1f

SHA1
49b79631ce21fac326fadc2290155c9272504875

SHA256
1204e6c73ff8ec9486e0b2db45e5d193e6894d63069e92085c9deef38e0fcdd5

SHA512
08de2ab0158dc667d1a2626713a9ad55959027a23131a894d197a0fe23f0616522e2e43b6d9fa3ea2daa6bc4a46dfad379d4f59bb2f0f9a6255e41e731f0903f

Download Submit
C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url.abc

Filesize
144B

MD5
ca50283f74499a356b798aee7e58c563

SHA1
8d0bffda7fb1e6ca5de8b144d19f169aba83705c

SHA256
937ded9cd4a20f23724c064357ced36a924c989f4ff4ecaaf26faf03bc5f1a63

SHA512
39d2f29bbdbc403066b38054920edb6f83adefa30afb42c652d6273bd9155609a5676d8a0b44e1671b8ce7fd9c7d64555c118ae19b48875c226785b5b1efd1bc

Download Submit
C:\Users\Admin\Pictures\DenyRemove.cr2.abc

Filesize
486KB

MD5
784036fe8a25e97be99f40163751e18b

SHA1
1e9685c9a6206cd8f808b174d88887bdd394f20f

SHA256
049673c37161b7ad7fac021b8a3fd3be6671e2d10ec167b989af308b0afcf75f

SHA512
da269f58442edcea2d1d5ff352b47b439500ca005a16d8126b7856f63bf0174a283d002a41fa373de7847e427ab1b60d022a95b2403500910603f9805141bcff

Download Submit
C:\Windows\Fonts\BOD_PSTC.TTF.abc

Filesize
89KB

MD5
97ae80c0661928f867b87e77bb5dda35

SHA1
88300fd5df9cacc3abae98485e9af10f05720f47

SHA256
4c6ae9a18b8c13bb8b724636cc44d49f525267306f188adc6006125bbb5454ca

SHA512
97fd8c14a80253cb98a939963d09abf49c71204ea2942f8511b5015fadd986c5f2e8e3de9893b3f090e557c1d32a04c2aec200633bab548a804bd436d627ee6d

Download Submit
C:\Windows\SysWOW64\en-US\mdminst.dll.mui.abc

Filesize
17KB

MD5
e53ae8a8db4e7f1618711157534fcc0f

SHA1
f36221178c858af87e019b38396dc8bf5aef740a

SHA256
9ef5a40aa889c61b3097471de7c9980562a9526e71f8be86b432775ff84b726c

SHA512
46fc006a03cf420e8f5f4169618c34638fbd6cb377c86e12e55c56024e4b6f993e9bfc290e1cfdffcf118dcf557d674082295f87f359f5b93263ec8ad74605f3

Download Submit
C:\Windows\SysWOW64\es-ES\syncreg.dll.mui.abc

Filesize
2KB

MD5
ca2fa4249d54b2b65f9c9a7cb1f0eb4d

SHA1
22b31b9972313b1be71c57d557515e300d0ff8a6

SHA256
108e9e263152561e581effd0c259899b54ac32e99f8550b245c03c5eeaa51a64

SHA512
9cfc414ded5b817dee048e06705d5a862f92cd46739f9f6a5d744e1475ecf4ed1592cfd37d918bc22298e3fec904ff9c3180d6c696875cd4ca8dbeaa3e45ef97

Download Submit
C:\Windows\SysWOW64\fr-FR\grb.rs.mui.abc

Filesize
3KB

MD5
94fc81ac6b236202502b97584ee28de4

SHA1
5b280bf6f6a1610a77ac72a54fb8e4da56f31c3f

SHA256
732c3db2c2130ed6fa907e65a33b7e65dd58316435af0595119902df035553b9

SHA512
0f24d7893c2bbd572b4c990cd73abbe89df0ef4e2df22af90c81c61a9fd488d66563b23f97084364362c8ec5e13c3bcae360a9916f101e76d6c08c200da43f48

Download Submit
C:\Windows\SysWOW64\fr-FR\lusrmgr.msc.abc

Filesize
141KB

MD5
77e56e4367625e08d9468668980fbf43

SHA1
d38e85355a520923eb5542b4f42161ebe67ccc20

SHA256
ffdccdb8623ebd3f6f9674ca53d42ba6f34431188fb9cb57557582a4fc852b6e

SHA512
f74bbfcd1b82aafb7b79457e61e7221d8f3d1f7f114d2d74426db0f4f535b0a8adbc2b15c5d2e3f83114bb9670681c8cbb42c41589dd912f03590c337281032a

Download Submit
C:\Windows\SysWOW64\fr-FR\ole32.dll.mui.abc

Filesize
3KB

MD5
47b677df5289ec6d0724f4a6e3f2ad84

SHA1
1242a9d41d4cd662bbb3a79ce4b1ffeaa2917cff

SHA256
e416f847d19fe46480a347fdd97946ba5586205844327b0290a7289283e835af

SHA512
f304de768f0ce926373bd756cc7d205704da87ae95e3233bc3e5b41207fdb6e4b2f512ef27f6a3657da505a7940574991af1a2e4194f34f714b4a492e4e3f334

Download Submit
C:\Windows\SysWOW64\ja-JP\adprovider.dll.mui.abc

Filesize
2KB

MD5
c28f4e6e3b74b7b10369212bf05261ab

SHA1
eef5865d11028d1d25188ea2063548f588d5614f

SHA256
30faadad26a52120f889aa83a6d33ba3ed3eb2e9e034f46e79fec0802b804e3d

SHA512
00dd304f3f4877880842368941a1a4b96f4e8ef6508751f6b0e5057facc3d7fc0138297664ae9702b1f418fc0b9470150d5c451b563f2a0b7c12d231b85e5e97

Download Submit
C:\Windows\SysWOW64\ja-JP\asferror.dll.mui.abc

Filesize
5KB

MD5
32b3064dd678b608769a9ca7c8122330

SHA1
c8aae66e5a7a7688d4a2c338958888504d9726e9

SHA256
0b9d51b97bb7ff3c7ce081b3e56ffdc9dd2b02c978e7c58db0e010ea8d1243fc

SHA512
bc2bddd05b7dbb5294baae8465f5b0d8d8ad9ee07c388d84bc3c74c230943a126f25f525364ee88b92cf0cf9fc806a8312717fadbee0345f99604da9129c8d47

Download Submit
C:\Windows\SysWOW64\ja-JP\icm32.dll.mui.abc

Filesize
2KB

MD5
02e24c4e51e83e5ebc789b5345af2f03

SHA1
63a8e76b496090a3562af56e6d32be9a1f985dbf

SHA256
cc3703efce7fa5f50caf01d210e93ba23eef62dd64adb4476b7782bc1014fcec

SHA512
4ea413f150fc95016042302f56941d2475088f3c8160a00a08179912a86a1cb32c165dffcaa503c7aad0c6b53fdbcad5bbf0d897a75f395b6c00f277c3b87543

Download Submit
C:\Windows\SysWOW64\ja-JP\ksxbar.ax.mui.abc

Filesize
3KB

MD5
0f9f6c74172aac63860a41d09871011f

SHA1
e5d8a212cace57ec993edf6268faf260c2e22aa0

SHA256
5fc676b99477ce19854746eaa84f56848058e159a5280c9273e8ebe1f752b713

SHA512
1ffa1f5bf15a2bdd62d8ac3967089c832dbd8b50534461334110b5670eab496d9d65e189e1be0e066bb357f2729848d81f1dea74df2ff58a73bb790f0ea570a7

Download Submit
C:\Windows\ehome\ja-JP\ehjpnime.dll.mui.abc

Filesize
2KB

MD5
bf2ead7936f027b11eadea31f83f5cea

SHA1
209b80cddd3c445c84c074e1e95b18e85b28d640

SHA256
c92d63ab25a5aa6e62cde6a05c141e50c8be45a414085825cbdff410a069f853

SHA512
a8939e7218eda01b9c2204d0340534308667178f481058bf1ffa58abedccbf6056d208a53507558abb2a076847588ebe731c08657577b30476dfd03bde5e9093

Download Submit