0a6f8c9ca82584c22026c75628664b6d176b72d4614aaebfa395702d468de3d7

Resubmissions

19/08/2024, 23:09

240819-244vjavdmm 6

19/08/2024, 23:08

240819-24vlvsvdlm 1

Analysis

max time kernel
121s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 23:09

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

917C4F3E-13D6-4175-AAC0-AA0C9ED36578.mov
Size

40KB
MD5

60a526173fe6d7721102a43307061563
SHA1

cb57ae910065450dcee1f4def1ff171033db663b
SHA256

0a6f8c9ca82584c22026c75628664b6d176b72d4614aaebfa395702d468de3d7
SHA512

cc2a21954f22ef50a076686e237f7976d11f56b9eb117ca05c8bc8fddf32388cb7f4f309f0a8e7be70c251ccaa2331ac834a8d7f03f6d00697cf2195c06aa0d0
SSDEEP

768:BJBEz7LzyfpuMFh9+jS/IqGUrYC6sfQo3vw++Gwh5yL6Ry6XRd:S/Lzc/+jSgqNuod/wlG+5C6c6Bd

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
988	3148	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 17 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{51BD7A8F-5E80-11EF-84CD-62872261FF50} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "103"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{6C671BA3-0FAB-46B5-951E-A924DEF35F24}	wmplayer.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3148	wmplayer.exe
Token: SeCreatePagefilePrivilege	3148	wmplayer.exe
Token: SeShutdownPrivilege	4388	unregmp2.exe
Token: SeCreatePagefilePrivilege	4388	unregmp2.exe
Token: 33	1624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1624	AUDIODG.EXE
Token: SeShutdownPrivilege	3148	wmplayer.exe
Token: SeCreatePagefilePrivilege	3148	wmplayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3148	wmplayer.exe
3028	iexplore.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3028	iexplore.exe
3028	iexplore.exe
2128	IEXPLORE.EXE
2128	IEXPLORE.EXE
5064	LogonUI.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 2216	3148	wmplayer.exe	84
PID 3148 wrote to memory of 2216	3148	wmplayer.exe	84
PID 3148 wrote to memory of 2216	3148	wmplayer.exe	84
PID 2216 wrote to memory of 4388	2216	unregmp2.exe	85
PID 2216 wrote to memory of 4388	2216	unregmp2.exe	85
PID 3028 wrote to memory of 2128	3028	iexplore.exe	129
PID 3028 wrote to memory of 2128	3028	iexplore.exe	129
PID 3028 wrote to memory of 2128	3028	iexplore.exe	129

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\917C4F3E-13D6-4175-AAC0-AA0C9ED36578.mov"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 2276
  2⤵
  - Program crash
  PID:988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:2208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x3f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3148 -ip 3148
1⤵
PID:4300

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\FindRestart.xhtml
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2128

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3917855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
063793e4ba784832026ec8bc3528f7f1

SHA1
687d03823d7ab8954826f753a645426cff3c5db4

SHA256
cb153cb703aea1ba1afe2614cffb086fa781646a285c5ac37354ee933a29cedd

SHA512
225910c24052dfdf7fca574b12ecef4eb68e990167010f80d7136f03ac6e7faa33233685cbf37b38ee626bb22ff3afeee39e597080e429be3ec241fb30af40c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
a6444e3af3c746bd8bb15fab2548515c

SHA1
1cded924e42acea2f1486104971c0526b9951fc7

SHA256
1e882423e3446117164c618cacb90ebf60c4d6f29ca81a8e24a6886c0f79298d

SHA512
a5de2e3c1b098a1a8534cdcbf6d8d97003862e7e20355a35cce6fce6ef59dfba63b51af5bb62b8f9bc1d3ac23ee0c862420606036b92bb917363ff6c4b759b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
d715534712c762169a7cea2136e53fac

SHA1
379c6d2fe9635b91d447350919cd1c64dcf74058

SHA256
e50a01da247ad8c147254a0543457527c77f22f21709b09340f5393cd0cc809e

SHA512
01eb2bee4f169016753af1e3a1def22ef8aac2e8f8404ba9e5eff2130c7da58afd216fd93e39bc86c1dbf96b9e22940be508b4857998fd7118239a8e32fbd4e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
51c3f4d1937ef5fe9c4e0907d2c7c9da

SHA1
cb7f9f9eea57619974df17f67c4d16213c0b00e0

SHA256
ba0116469ac2699d1a34220a1d844af1b33f23dd0404d863ab64f26cf8ff5e81

SHA512
6c7e30e8e1230ae0a933d53643088a34e277e7a487c514a82547cc846ad60ba6106e337947f8a252c3fe42ef70f5e416d40710e8e783113b4c3cbd0b75e76c28

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
c03cdf13039cc4582bea1caa6f7537a8

SHA1
1c698f1493e140ead4ac8c4ae5b1d1ce42b35172

SHA256
01934509267b243b592bfd41e023e63eb94383863955344b17d9fba56f56f166

SHA512
ee8bebf9f1b76ef7cbc31c3b2b4942fc89f0562f909bbebe752ccb2db1fa0aada533e9ab68fa0be887497c7e2c18381c43dcb954d493e97bb3c9ab820477716a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
fb63d1cc7796036b3789f92aa735415f

SHA1
6a4381cab17aa104fc617419bcaa55741bd844a8

SHA256
9cb05fff1993729368da28309fb7cc2762b40b13aa163af71e70ff509708d6f2

SHA512
ef2d9068bc1209ce43927acd26ccb08111c449a0d5ca13277c5390d7d9394ecdab6d04346a207d1a85d53aa4af8edc41bbb1b6b8b08bd1dc8ab6219d7e3f8c0f

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
380KB

MD5
badadce5cee36e4af392ec31a0b7c092

SHA1
d6721e425f3afbd1f34685de2fb3ead94e17727a

SHA256
3adc8b55578867731cd2080d31941e6d4845edca0e30c09252c20eee9bc21596

SHA512
eb359240b0f80f6da77039b178ad4d9f122de50687f95b711f97e9d090edeafad922734d1c6a4e2f7180391dc61f8648cab56861858d41a83e6c58e7f70be0b5

Download Submit
C:\vcredist2010_x64.log.html

Filesize
86KB

MD5
a968e36442bc883a80f7b9e3a05a010e

SHA1
ce9f85ebe37996a5ad79360bd713bbfd5e72264e

SHA256
a3ab8927b7f6b38244a3d34f8e99964e90b03ced6837d71d28139cfa2c8741ab

SHA512
b9b2460a61bc30141ac5437c0a8641afa8768d88325442042ba32b260698d1110db72af6f232c9c9c77e94bd8b7ff0400c610f42375ea045e1b53b1c260cb6ac

Download Submit
C:\vcredist2010_x86.log - Copy.html

Filesize
80KB

MD5
263f18ce8a9bdb8f0de3969e1c562f25

SHA1
8033cae9171e9f4e117c2ec9ce81a54eb57f6c82

SHA256
813d5c18c813c74800441842ddce5cd8fdd82b7df66c37b86d8cbfa860c48e07

SHA512
03d2df4388c0b6fe6246e68e77ac1595d1bce0913909e2e2eec5fb815933bbe516a41d12f001f9a87bcad333085b0f6e21370ea25f5531ecbc4700fffdba07cc

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi - Copy.txt

Filesize
395KB

MD5
0028a40d00c28ced4e76877a4999ed0d

SHA1
d3472f746bc5349f7568696044b156f46f5f001d

SHA256
1fc93197acec8c892d56019b9aa04675a580deb9e8834aa0cd92b2b24856e69d

SHA512
2dd663435a438564b0ef934ca0617b738acceb68663edcafb4e6ec147f2a4d6df50c43215244fe2fc97ba2b2d137827f7e3ff6c567f78e3c3396ff694dea0915

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
168KB

MD5
2731427f9bdd94ae3659b8ecda8848e9

SHA1
fff461b9a4d332416f6ee1ff59bfc11c259c815b

SHA256
639a19bfc71074995dc82beab0ce62fbbe799af5b92541da924d0d739b6a6ee9

SHA512
ee70dc603e3a08feddf6d274dee88aa30293347b89625b04dadf0ed1088c783f0aaff2edfe59dede642d1fc413a9966a04c4f5a32e1fe1b6ed2e7479a1ee0a5c

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
56e91f47482915e4f4f1a7f43c578ec1

SHA1
a67a1846497f057cbab8e932c86a74577a77bc95

SHA256
d0aa1a58e8e7968d40b06dd9c3ada873e4b2d572c061d0fe54b970b6e46a6d0d

SHA512
4cca4ae72f73e48c03cede6c51406838804e7bcb98c106ddaaa7a9f388def6c2a6258f09725f950e69b3d4e38efb0ece56f2ad4d6da019db587af1b819ede9c8

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
171KB

MD5
fc07f78657451c6b8662ded1e17e07a9

SHA1
59da72f56beec81cd9f5cb131bc81cefa74d5d4a

SHA256
7cf403e45d021b204a9769d728c448205fe23bd3b0b526483ad136722dfce6ba

SHA512
b6587713e0757c1ed8ac1af8b858b146b17f4174062994d25022cea5c0b3f9e9beb249d5b50311692c607f2bc8584b20f8b417e8e2f35690924b2f58207553ee

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
7bc73e817cf9904f79c1e3b0a48a007f

SHA1
53e839456febe1f1974671c1f166f21661a7f792

SHA256
814c97d67ad0333fd75160866dfe094131bbc686b487704739ab8867d9d9d15a

SHA512
fdd8b6009a88fb2e06fab7c20c4af5aac76c0f41168597309b110d6ed548a6f72c1a2bf3f5ad01df36f40a350fcbd06a51b1afabdca675aa16819589283fef55

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
f128033f01c0b457503869d12e06e886

SHA1
905a2e81df6feddfe0fbf149e775b8026f889366

SHA256
e80a0668814595e642595520993590a74f66912d2279adbb2965758626dfd149

SHA512
71e445501110d6318f46addbd508fc32bbc629dca01fb31a756d5cf43db2e0b4f3aca0c6f87cc070757ace078eaee3a529338f9fdbf95cf7dee3ba31434c0ea3

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
191KB

MD5
cba7edb4bb7c8f482e35903fc5540ca7

SHA1
172a3c2d8acb3d4821a707f43d65528a58016812

SHA256
f77182a700057e62415469bb2bda51b47c10a59386978c806800444ff41aade8

SHA512
a22d33e0b9076f56b32aa593bc9efe8a98396a7e3aee0674265ceaef4f7dbb9c58630ac19940f98548ff3b6608a5476913e58924f1dd5d6fe8b77e38ff371d59

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
f1b7c5c39bd61c4df40c441c3197509d

SHA1
58a7fbe7ca644b54b6b9e681d72fd782ea9c468c

SHA256
e34ce35726dac16cdfb5c6b698d4d3543f0e615e7c53f7d60a83a29a1d94d2cb

SHA512
e5004a8770a2a5b60f3bf539c686e94e36d870c73f7525bccc5cba0d265b27540e824a73e94b0a64afe7deddc50580c81f849d78814ba996db43404a7dacdc1c

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
d68c2d108d9b22214b14b1d23bc58015

SHA1
5ab71b22b02746ecad5a014263da94016363ba5e

SHA256
f91f9c00001988460d925d267d88e92c72f2e252fd2e057d59a1c17875b52961

SHA512
c11fd51425b1b13bb8ed6409ce142c6575d122c9907da5ca669665686be3099cc9752f1463506af8e8357cf3151ff3d0efbdc8019f7254c3477fb8ba11d6810e

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
f5825dedce433b43ed46fad01de04596

SHA1
5d97c62d1ba05bde7d9ae3e29f89fb7d8eb9fa41

SHA256
5411f754bea6f4c79e27f5e2163ac6e33d836f7013d020fc169211f8c16029a0

SHA512
e1ff222f098de6daa188d8e5c2e24a15eac0cdd25b5d2815fb8827bb5ee086ba291babc2bd7ad6010f2bc06a6ed33b3bd56656861e4b2420b00b13714ae85723

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
a6d22c586abee8fb8baca1d8dc734e73

SHA1
8171ab381d7cbcf8444b36b1893080ea480236f0

SHA256
a34819c30cb666f68f48c1ff6647c1b1ca6c7fdcfd29afcc622d1dfdd89d4ca7

SHA512
3fa7a58533c01c1455127819be49d82714a01629f9f1b71fc0563103f7b5130018d6b3f3c2f98f486dd2a42300fc4da6735046001633ee6cfe07fd4ec6cb6e1c

Download Submit
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

Filesize
123KB

MD5
c2d2f42e1f9930c7957e132f548de1cf

SHA1
703777df948b2c06ba419a9633d6a541fe49bdef

SHA256
fd4b12d10a8bef89953edfedbde76e017d511614286c2a95f1f387dc7f34c6a8

SHA512
8c520c2e3a9a2380e1755b820bd86380697f41f6600e9ef914579e2e326365c955e2a5f719e0f2c1839cc959733e8b69fbb5d3522e05cd1f67f02853aa0e5390

Download Submit
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

Filesize
135KB

MD5
ad9f238e2462e55353cb34063864fd8d

SHA1
b3b11db6bd263c668550d04c85764693c487f788

SHA256
8c859cf9ad2f21791aa8a3f0bc6cb1af87654271c49c603eb7c081bc58e21ae0

SHA512
0579d08e7a0b908abe431f85c0f9aecb901e7755cb6db74a911ecbcbdfb1ebb8019143234fcaced82ea45393acbf0af5188f3f07103f8741b9a9b8fd3fe6c02d

Download Submit
memory/3148-85-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-97-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-68-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-67-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-69-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-70-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-72-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-74-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-73-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-71-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-75-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-76-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-77-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-78-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-81-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-80-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-79-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-82-0x000000000B7B0000-0x000000000B7C0000-memory.dmp

Filesize
64KB

Download
memory/3148-83-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-65-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-84-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-88-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-89-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-90-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-92-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-93-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-91-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-87-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-86-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-94-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-95-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-66-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-96-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-98-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-99-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-100-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-101-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-102-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-103-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-105-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-106-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-104-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-107-0x000000000B7B0000-0x000000000B7C0000-memory.dmp

Filesize
64KB

Download
memory/3148-108-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-110-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-64-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-63-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-62-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-61-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-60-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-59-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-58-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download
memory/3148-57-0x000000000B7B0000-0x000000000B7C0000-memory.dmp

Filesize
64KB

Download
memory/3148-42-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-40-0x0000000004E10000-0x0000000004E20000-memory.dmp

Filesize
64KB

Download
memory/3148-41-0x0000000004E10000-0x0000000004E20000-memory.dmp

Filesize
64KB

Download
memory/3148-39-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-38-0x0000000005050000-0x0000000005060000-memory.dmp

Filesize
64KB

Download
memory/3148-37-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/3148-34-0x0000000004E10000-0x0000000004E20000-memory.dmp

Filesize
64KB

Download
memory/3148-33-0x0000000004E10000-0x0000000004E20000-memory.dmp

Filesize
64KB

Download
memory/3148-31-0x0000000004E10000-0x0000000004E20000-memory.dmp

Filesize
64KB

Download
memory/3148-32-0x0000000004E10000-0x0000000004E20000-memory.dmp

Filesize
64KB

Download
memory/3148-109-0x000000000BEF0000-0x000000000BF00000-memory.dmp

Filesize
64KB

Download