Analysis
- max time kernel: 122s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 18/08/2024, 12:03
Static task
- static1

Behavioral tasks
- behavioral1: sample host.exe, resource win7-20240704-en
- behavioral2: sample host.exe, resource win10v2004-20240802-en
- behavioral3: sample update.exe, resource win7-20240708-en
- behavioral4: sample update.exe, resource win10v2004-20240802-en
General
- Target: update.exe
- Size: 16KB
- MD5: af87d850a15f1fbde5e824116e1f174b
- SHA1: 9d704094e5f7386104dc5b7b155768fbac9fc0f9
- SHA256: 11863fecf89dd0fd635456d680fa4a268d9f63dc5a76093fbb79c6686d5ae17b
- SHA512: b0962ca6b3f96defd0b34c723bf13ec35cbda1ed5551ac41ee0ef04fffb799284ad7e4324c856443f14511b7ee83dc2bdc5588c6d6a87050ac4344c4d08c13b3
- SSDEEP: 384:K0sAA+LPsuTnVshZ9hA+b3Qj5MRjVpV/QBOIjLbd:KaV/+b3N3pV/yb
Malware Config

Signatures
- Renames multiple (1615) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops file in Drivers directory (1 IoC)
  File created: C:\Windows\SysWOW64\drivers\README.txt (update.exe)
- Enumerates connected drives (3 TTPs, 23 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive (update.exe opened \??\A: through \??\Z:, excluding C:, D: and F:, read-only).
- Drops file in System32 directory (64 IoCs)
  Files created or opened for modification under C:\Windows\SysWOW64, renamed with a .abc extension appended.
- Drops file in Program Files directory (64 IoCs)
  Files created under C:\Program Files and C:\Program Files (x86), renamed with a .abc extension appended, plus README.txt drops in several subdirectories.
- Drops file in Windows directory (64 IoCs)
  Files created under C:\Windows (mostly winsxs), renamed with a .abc extension appended, plus README.txt drops in several subdirectories.
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (update.exe, 2 entries)
- Modifies system certificate store
  Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 (update.exe)
  Set value (data): \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob (update.exe, 2 entries; blob data not captured in this report)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeRestorePrivilege (PID 2160, update.exe)
  Token: SeBackupPrivilege (PID 2160, update.exe)
- Suspicious use of WriteProcessMemory (7 IoCs)
  PID 2868 (update.exe) wrote to memory of PID 2160 (procid_target 31); 7 identical entries
Processes
- C:\Users\Admin\AppData\Local\Temp\update.exe (PID 2868)
  Command line: "C:\Users\Admin\AppData\Local\Temp\update.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\update.exe (PID 2160, child of PID 2868)
    Command line: "C:\Users\Admin\AppData\Local\Temp\update.exe" --foodsum
    - Drops file in Drivers directory
    - Enumerates connected drives
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads